This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new ef0acdb9d4 Switch from DigiCert ONE to ssl.com eSigner for code signing
ef0acdb9d4 is described below
commit ef0acdb9d42fe1fdaa3964d865d4e98812eeec19
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Oct 23 08:32:36 2024 +0100
Switch from DigiCert ONE to ssl.com eSigner for code signing
---
build.properties.default | 10 ++++++----
build.xml | 8 ++++++--
webapps/docs/changelog.xml | 3 +++
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/build.properties.default b/build.properties.default
index 0aae5aba4a..e8c6b2d891 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -95,11 +95,13 @@ gpg.exec=/path/to/gpg
# Code signing of Windows installer
# See https://infra.apache.org/digicert-use.html for setup instructions
do.codesigning=false
-codesigning.alias=Tomcat-PMC-cert-2023-11
-codesigning.digest=SHA-512
-codesigning.storetype=DIGICERTONE
+codesigning.alias=d97c5110-c66a-4c0c-ac0c-1cd6af812ee6
+codesigning.digest=SHA256
+codesigning.storetype=ESIGNER
# Set codesigning.storepass in build.properties with the following syntax
-#codesigning.storepass=<api-key>|/path/to/Certificate_pkcs12.p12|<password>
+#codesigning.storepass=<ssl.com user name>|<ssl.com password>
+# Set codesigning.keypass in build.properties with the following syntax
+#codesigning.keypass=<ssl.com TOTP secret>
# ----- Settings to control downloading of files -----
execute.download=true
diff --git a/build.xml b/build.xml
index b2953f4797..e0918acf28 100644
--- a/build.xml
+++ b/build.xml
@@ -2657,9 +2657,11 @@ skip.installer property in build.properties" />
<jsign file="${tomcat.dist}/Uninstall.exe"
storepass="${codesigning.storepass}"
storetype="${codesigning.storetype}"
+ keypass="${codesigning.keypass}"
alias="${codesigning.alias}"
alg="${codesigning.digest}"
- tsaurl="http://timestamp.digicert.com";
+ tsaurl="http://ts.ssl.com";
+ tsmode="RFC3161"
detached="true"/>
<!-- Copy detached signature to source tree -->
<copy file="${tomcat.dist}/Uninstall.exe.sig" todir="res/install-win"/>
@@ -2692,9 +2694,11 @@ skip.installer property in build.properties" />
<jsign file="${tomcat.release}/v${version}/bin/${final.name}.exe"
storepass="${codesigning.storepass}"
storetype="${codesigning.storetype}"
+ keypass="${codesigning.keypass}"
alias="${codesigning.alias}"
alg="${codesigning.digest}"
- tsaurl="http://timestamp.digicert.com";
+ tsaurl="http://ts.ssl.com";
+ tsmode="RFC3161"
detached="true" />
<!-- Copy detached signature to source tree -->
<copy file="${tomcat.release}/v${version}/bin/${final.name}.exe.sig"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d55c754aa4..89ed51ba92 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -216,6 +216,9 @@
<update>
Update Byte Buddy to 1.15.4. (remm)
</update>
+ <update>
+ Switch from DigiCert ONE to ssl.com eSigner for code signing. (markt)
+ </update>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
