My certificate is expiring soon, so I need to renew. Certificates seem to require Hardware Security Modules or secure USB tokens now. Will signing still work like it did before when compiling (other than probably requiring the device)?
Also, is there any advantage to EV certificates over OV?
Thanks,
Paul
The only meaningful difference between EV and OV besides the cost is that an EV certificate may eliminate an extra prompt when someone installs or runs the application. I guess you would need to decide if the cost is worth it or not.
You don't necessarily need a hardware device for the new certificates because many certificate issuers provide installable tools to allow you to sign executables using internet-accessible remote private key storage provided by the issuer and using your local Windows credential store for the credentials needed to access the private key storage. If everything is installed and configured correctly, this setup works with the WinBatch code signing IntControl, the compiler signing functionality, and MSFT's code signing tools.