Azure KeyVault HSM Guide

in #azure · yesterday

Learn how to create an Azure Key Vault and configure it with the Premium tier to meet FIPS 140-2 compliance.

  • Generate a Certificate Signing Request (CSR) directly in Azure Key Vault using RSA-HSM keys.

  • Set the certificate type to "non-integrated CA" and define the EKU as 1.3.6.1.5.5.7.3.3 for Code Signing.

  • Set "Exportable Private Key" to No and choose a minimum 4096-bit key.

  • Submit the CSR to DigiCert during the certificate order process and complete the validation.

  • After DigiCert issues the certificate, return to Azure and use "Merge Signed Request" to import the signed certificate (.PEM).

  • The EV Code Signing Certificate will now be securely stored in Azure Key Vault HSM.

  • You can use the certificate with Azure Pipelines or tools like Azure Sign Tool.

  • Ideal for both individual developers and enterprise teams.

  • Includes a video tutorial for step-by-step visual guidance.

Complete process with screenshots - https://signmycode.com/resources/how-to-create-private-keys-csr-and-import-code-signing-certificate-in-azure-keyvault-hsm
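The same steps driven from the Azure CLI instead of the portal, as an added example that is not part of the linked guide. The vault, resource group, location, certificate name and subject are placeholders, and the 36-month validity is an assumption; the policy maps issuer "Unknown" to the guide's "non-integrated CA" setting.

```shell
#!/usr/bin/env sh
# Added example: Key Vault Premium + RSA-HSM CSR + merge of the CA-signed cert via az CLI.
VAULT="${VAULT:-my-codesign-kv}"          # placeholder vault name
RG="${RG:-codesign-rg}"                   # placeholder resource group
LOCATION="${LOCATION:-westeurope}"        # placeholder region
CERT_NAME="${CERT_NAME:-ev-codesign}"     # placeholder certificate name
SUBJECT="${SUBJECT:-CN=Example Corp,O=Example Corp,C=US}"  # placeholder subject

# Certificate policy mirroring the portal settings: issuer "Unknown" (non-integrated CA),
# RSA-HSM 4096-bit key, private key not exportable, EKU 1.3.6.1.5.5.7.3.3 (code signing).
build_policy() {
  cat <<EOF
{
  "issuerParameters": { "name": "Unknown" },
  "keyProperties": { "exportable": false, "keyType": "RSA-HSM", "keySize": 4096, "reuseKey": false },
  "secretProperties": { "contentType": "application/x-pkcs12" },
  "x509CertificateProperties": {
    "subject": "$1",
    "ekus": [ "1.3.6.1.5.5.7.3.3" ],
    "keyUsage": [ "digitalSignature" ],
    "validityInMonths": 36
  }
}
EOF
}

# Step 1: the vault must be Premium tier; HSM-backed (RSA-HSM) keys are not available on Standard.
create_vault() {
  az keyvault create --name "$VAULT" --resource-group "$RG" --location "$LOCATION" --sku premium
}

# Step 2: start the certificate; the key is generated inside the HSM and a CSR is produced.
# The pending operation exposes the CSR as base64 DER, which we wrap as PEM for the CA order form.
request_csr() {
  build_policy "$SUBJECT" > policy.json
  az keyvault certificate create --vault-name "$VAULT" --name "$CERT_NAME" --policy @policy.json
  { echo "-----BEGIN CERTIFICATE REQUEST-----"
    az keyvault certificate pending show --vault-name "$VAULT" --name "$CERT_NAME" --query csr -o tsv | fold -w 64
    echo "-----END CERTIFICATE REQUEST-----"; } > "$CERT_NAME.csr"
}

# Step 3: once the CA returns the signed certificate (PEM), merge it into the pending request.
merge_signed() {
  az keyvault certificate pending merge --vault-name "$VAULT" --name "$CERT_NAME" --file "$1"
}

case "${1:-}" in
  vault) create_vault ;;
  csr)   request_csr ;;
  merge) merge_signed "${2:-signed.pem}" ;;
esac
```

Run `sh script.sh vault`, then `sh script.sh csr`, submit the generated `.csr` to the CA, and finish with `sh script.sh merge signed.pem`; the private key never leaves the HSM at any step.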