You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
.NET 6 will shift to a new signing certificate for many of its core binaries. This shift is intended to make it easier for Windows Defender Application Control (WDAC) customers to choose whether to allow .NET 6 and beyond on their environments, without the side effects a key shared between multiple products might have.
Details
Today Microsoft signs .NET artifacts with a variety of certificates. For example, NuGet packages, 3rd party binaries redistributed with .NET, Visual Studio extension packages, and some specialized debugging related binaries all have different certificates. The most common certificate is Microsoft Corporation, with issuer Microsoft Code Signing PCA 2011 and thumbprint abdca79af9dd48a0ea702ad45260b3c03093fb4b, used to sign most executable files. .NET is switching to .NET, with issuer Microsoft Code Signing PCA 2011 and thumbprint 60ff375e5669b98d43ea0e2328e618cf73c0f91d.
Not all binaries signed with Microsoft Corporation are shifting to the new certificate. .NET repackages a variety of assets from previous releases (e.g. targeting packs), and those will not change. Only newly built .NET 6 binaries will get the new certificate. Some tooling utilized in Visual Studio will remain on the existing cert.
.NET 6 will shift to a new signing certificate for many of its core binaries. This shift is intended to make it easier for Windows Defender Application Control (WDAC) customers to choose whether to allow .NET 6 and beyond on their environments, without the side effects a key shared between multiple products might have.
Details
Today Microsoft signs .NET artifacts with a variety of certificates. For example, NuGet packages, 3rd party binaries redistributed with .NET, Visual Studio extension packages, and some specialized debugging related binaries all have different certificates. The most common certificate is Microsoft Corporation, with issuer Microsoft Code Signing PCA 2011 and thumbprint abdca79af9dd48a0ea702ad45260b3c03093fb4b, used to sign most executable files. .NET is switching to .NET, with issuer Microsoft Code Signing PCA 2011 and thumbprint 60ff375e5669b98d43ea0e2328e618cf73c0f91d.
Not all binaries signed with Microsoft Corporation are shifting to the new certificate. .NET repackages a variety of assets from previous releases (e.g. targeting packs), and those will not change. Only newly built .NET 6 binaries will get the new certificate. Some tooling utilized in Visual Studio will remain on the existing cert.
Discussion
Questions or concerns? Please discuss at dotnet/runtime#51967
The text was updated successfully, but these errors were encountered: