Our Global Sign security certificate expires this year in August, so we recently renewed it for another 3 years. Instead of sending a pfx file as in the past, Global Sign sent a USB token (memory stick plus drivers) onto which you download and install your certificate via a secure program. When you want to sign jar files, you insert the USB token into your computer and one-by-one sign jar files via command line and drivers. The USB token is for better security which we understand.
Our customer base is located throughout the USA and Canada, and when we remotely update a customer's Servoy server, we use Code Signer (remotely) to re-sign the jar files with our certificate. The problem is Code Signer requires a Java key store file (jks), but Global Sign does not allow you to extract the certificate from the USB token in order to create the jks file, thus rendering Code Signer (and the USB token) useless for remote use. The USB token files are not accessible/readable via Windows File Explorer or via PowerShell (only through the supplied drivers)...probably, encrypted.
I suppose we could sign the jar files on our computers, then upload them to our customers' servers, but that seems to be an inefficient solution. Anyone using a USB token to sign jar files. Any recommendations/suggestions how to get around this issue? How are others providing signed jar files with their own certificate Servoy jar files to remote customers?
Thanks!