our company ordered an EV-Certificate from GlobalSign.
Before we had a normal code signing certificate as a p12 file which we could use in Install4J.
Now, with the new certificate we have no cert-files but a usb-token.
Is there a built-in way to use the usb-token to sign executables/jars? Or do I need to use the "Executable processing" step of media wizard like mentioned here?
Maybe a way to sign all installers (win, mac, linux) from one machine (like macos)?
Based on Ingo's answer, it's not possible to use an EV Code Sign certificate. I hope, in future, it will.
As I said in my question, you have to use "Executable processing" in media wizard (for windows only).
You can use microsoft's codesign on windows itself or you can you a little tool called jsign which you can use on all platforms to sign windows executables with EV Code Sign certificate.
This is our call to jsign:
java -jar jsign-2.0.jar --keystore ./eToken.cfg --alias %GetAliasOfYourToken% --storetype PKCS11 --tsaurl http://timestamp.comodoca.com/authenticode --storepass %WriteTokenPasswordHere% $EXECUTABLE
eToken.cfg is a simple text-file with two lines:
name=eToken
library=/usr/local/lib/libeTPkcs11.dylib (because I'm on MacOS)
for Windows it should be:
library=c:\WINDOWS\system32\eTPKCS11.dll