We got our code signing certificate, exported it to a pfx file and browsed to the new file with VS2010. After entering the path to datestamp everything works (I hope) and we now have customers with a warm fuzzy feeling…
When the file was downloaded there was a warning about backing up the private key - does that mean just backup the certificate, or is there something else we should be doing to literally just backup the key?
With the Stuxnet issue flying around the internet it is quite clear that security is important - but can I find a step by step guide (other than the less than informative ‘securing your private keys…’ from Symantec) that runs through best practices? Does Comodo have such a guide? Clearly we don’t want to compromise security, but we don’t want VS2010 to kick off and throw all the toys out of the playpen when we deploy a clickonce project either.
If anyone can point me in the correct direction I would appreciate it!
Thanks