
Configure KeyLocker for SMCTL

Solution ID : TL43
Last Modified : 12/12/2024

 

This article covers the steps needed to configure your signing machine to sign files using DigiCert KeyLocker and the SMCTL command.

Before you begin:

Ensure that you have generated your KeyLocker API key and client certificate (see: DigiCert KeyLocker Configuration for Windows).

Log in to your DigiCert ONE account to view and copy the keypair alias for your code signing certificate.

Designate a signer for your certificate in DigiCert ONE.

Configure your preferred signing tool:

 

Sign using SMCTL and SignTool:

 

1. Synchronize your certificate using the following command: smctl windows certsync --keypair-alias=<your keypair alias>

You should receive the following response: Syncing certificate for alias: <your keypair alias>, ID: <your certificate ID> and SHA1 Fingerprint: <your certificate SHA1 fingerprint>


2. To sign, run the following command: smctl sign --fingerprint <your certificate SHA1 fingerprint> --input <file you want to sign>

If successful, you should see this response: signCommand command for file <file you signed> was SUCCESSFUL


3. To sign multiple files, place the files into a specific folder.

Run the following command: smctl sign --fingerprint <your certificate SHA1 fingerprint> --input <folder containing your files>

 


Sign using SMCTL and JarSigner:

 

1. Synchronize your certificate using the following command: smctl windows certsync --keypair-alias=<your keypair alias>

You should receive the following response: Syncing certificate for alias: <your keypair alias>, ID: <your certificate ID> and SHA1 Fingerprint: <your certificate SHA1 fingerprint>



2. To sign, run the following command: smctl sign --keypair-alias=<your keypair alias> --config-file <path to pkcs11properties.cfg> --input <unsigned file path>

If successful, you should see this response: signCommand command for file <file you signed> was SUCCESSFUL



3. To sign multiple files, place the files into a specific folder.

Run the following command: smctl sign --keypair-alias=<your keypair alias> --config-file <path to pkcs11properties.cfg> --input <folder containing your files>
 

Verify signed files using SMCTL:


Verify an individual file: smctl sign verify --input <signed file>
 



Verify multiple files: smctl sign verify --input <folder containing your signed files>
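
The SignTool steps and the verify step above can be chained into one PowerShell script that stops the build if any stage does not report what the article says it should. This is an added example, not DigiCert's own code. The parameter names and the Invoke-Smctl helper are hypothetical, and it assumes smctl is on PATH with KeyLocker credentials already configured and that the fingerprint is printed as 40 hex characters.

```powershell
# Added example, not DigiCert's code. Parameter and function names are hypothetical.
# Assumes smctl is on PATH and KeyLocker credentials are already configured.
param(
    [Parameter(Mandatory)] [string] $KeypairAlias,
    [Parameter(Mandatory)] [string] $InputPath   # file or folder to sign
)
# Let native stderr lines through so they can be inspected instead of aborting early.
$ErrorActionPreference = 'Continue'

function Invoke-Smctl {
    param([string[]] $Arguments)
    # Capture stdout and stderr as plain strings and echo them to the build log.
    $lines = @(& smctl @Arguments 2>&1 | ForEach-Object { "$_" })
    $lines | Write-Host
    [pscustomobject]@{ ExitCode = $LASTEXITCODE; Lines = $lines }
}

# Step 1: certsync, then read the fingerprint from the documented response line.
$sync = Invoke-Smctl @('windows', 'certsync', "--keypair-alias=$KeypairAlias")
# Assumption: the fingerprint is printed as 40 hex characters (a SHA-1 digest).
$match = $sync.Lines | Select-String -Pattern 'SHA1 Fingerprint:\s*([0-9A-Fa-f]{40})' |
    Select-Object -First 1
if ($sync.ExitCode -ne 0 -or -not $match) {
    throw "certsync did not return a SHA1 fingerprint for alias '$KeypairAlias'; not signing."
}
$fingerprint = $match.Matches[0].Groups[1].Value

# Step 2: sign. The article does not state smctl's exit-code behaviour, so the
# documented success text is required as well as a zero exit code.
$sign = Invoke-Smctl @('sign', '--fingerprint', $fingerprint, '--input', $InputPath)
$signed = @($sign.Lines | Where-Object { $_ -match 'was SUCCESSFUL' })
if ($sign.ExitCode -ne 0 -or $signed.Count -eq 0) {
    throw "smctl sign did not report success for '$InputPath'."
}

# Step 3: verify what was just signed before the artifact leaves the build.
$verify = Invoke-Smctl @('sign', 'verify', '--input', $InputPath)
if ($verify.ExitCode -ne 0) {
    throw "smctl sign verify failed for '$InputPath'."
}
Write-Host "Signed and verified '$InputPath' with certificate $fingerprint."
```

The script covers the SignTool flow only; the JarSigner flow takes --keypair-alias and --config-file instead of --fingerprint, as shown in that section.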
 

For more information on the SMCTL command, see Sign binaries with SMCTL.