Recently, my team and I have been exploring the possibility of replacing our Windows build machine with an Amazon instance. We have come across this article from Amazon (https://aws.amazon.com/blogs/security/signing-executables-with-microsoft-signtool-exe-using-aws-cloudhsm-backed-certificates/) and were hoping it would allow us to build our Windows binaries and sign them with the appropriate certs too.
The biggest issue we have right now, though, is that one of our products uses an Extended Validation (EV) certificate for building Windows drivers. And that EV certificate is tied up with a USB dongle.
Unfortunately, I have not found any definitive documentation yet to this end. I have found this, though: https://forums.aws.amazon.com/thread.jspa?messageID=947339, but it is still not definitive.
Has anybody successfully signed EV-certificates on Windows binaries using the AWS CloudHSM setup? If so, can you share your experiences? Thank you very much.