Are .pfx files valid for code signing in 2024? It appears we can no longer use a code signing certificate (that we just purchased from DigiCert) as a .pfx file since we cannot gain access to the private key.
We have several products with corresponding build pipelines that currently rely on an uploaded .pfx file with a password.
What's the easiest way to update our processes to conform to new standards? Does Azure/ADO have built-in solutions to streamline this?
DigiCert article on this topic.
We were able to connect our build pipelines in ADO to DigiCert Key Locker. In our case this was the most straightforward approach.
Article about private keys / .pfx files no longer being directly accessible.