On Tuesday, November 12, 2013 6:46:33 PM UTC+1, Mike Price wrote: > We are trying to implement signing of xpi files using the NSS Signtool.exe. > However, we need to access our certificate keys from our HSM server instead > of having the keys installed in the local keystore on the signing machine. > Does anyone have information on how to set this up and what the command-line > syntax looks like?
If you can make HSM work from within normal firefox profile, up to the point where certificates from HSM are listed in the Firefox uptions GUI, then yes. Use: signtool.exe -k "keyname" -d "/path/to/above/firefox/profile/directory" +your other usual parameters. see https://developer.mozilla.org/en-US/docs/NSS_tools_:_signtool -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto