Announcement: .NET 6 will shift to a new signing certificate for some components #51967
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
@mmitche shall we close this? I assume this should be in the breaking changes list or readme, and we can close this notification now.

Yeah it can be closed.
.NET 6 will shift to a new signing certificate for many of its core binaries. This shift is intended to make it easier for Windows Defender Application Control (WDAC) customers to choose whether to allow .NET 6 and beyond on their environments, without the side effects a key shared between multiple products might have.
Details
Today Microsoft signs .NET artifacts with a variety of certificates. For example, NuGet packages, 3rd party binaries redistributed with .NET, Visual Studio extension packages, and some specialized debugging related binaries all have different certificates. The most common certificate is Microsoft Corporation, with issuer Microsoft Code Signing PCA 2011 and thumbprint abdca79af9dd48a0ea702ad45260b3c03093fb4b, used to sign most executable files. .NET is switching to .NET, with issuer Microsoft Code Signing PCA 2011 and thumbprint 60ff375e5669b98d43ea0e2328e618cf73c0f91d.
Not all binaries signed with Microsoft Corporation are shifting to the new certificate. .NET repackages a variety of assets from previous releases (e.g. targeting packs), and those will not change. Only newly built .NET 6 binaries will get the new certificate. Some tooling utilized in Visual Studio will remain on the existing cert.
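For administrators reviewing which signer an installed runtime actually carries, the PowerShell below groups the binaries under a .NET install directory by Authenticode signer, using the two thumbprints quoted above. It is an added example, not part of the original issue or the .NET project's tooling; the default `Program Files\dotnet` root and the `Get-SignerClass` helper name are assumptions.

```powershell
# Added example: classify .NET binaries by Authenticode signer thumbprint.
param(
    # Assumption: default Windows install location of the .NET runtime/SDK.
    [string]$Root = (Join-Path $env:ProgramFiles 'dotnet')
)

# The two thumbprints quoted in the announcement (hashtable keys match case-insensitively).
$KnownSigners = @{
    'ABDCA79AF9DD48A0EA702AD45260B3C03093FB4B' = 'Microsoft Corporation (existing)'
    '60FF375E5669B98D43EA0E2328E618CF73C0F91D' = '.NET (new)'
}

# Hypothetical helper: returns one record per file with its signer class.
function Get-SignerClass {
    param([Parameter(Mandatory)][string]$Path)

    $sig   = Get-AuthenticodeSignature -LiteralPath $Path
    $cert  = $sig.SignerCertificate
    $thumb = $null

    if ($null -eq $cert) {
        $signer = 'unsigned'
    } else {
        $thumb = $cert.Thumbprint
        if ($KnownSigners.ContainsKey($thumb)) {
            $signer = $KnownSigners[$thumb]
        } else {
            $signer = 'other certificate'
        }
    }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status   # signature validation result for the file
        Signer     = $signer
        Thumbprint = $thumb
    }
}

$results = Get-ChildItem -Path $Root -Recurse -File |
    Where-Object { $_.Extension -in '.dll', '.exe' } |
    ForEach-Object { Get-SignerClass -Path $_.FullName }

# Per-signer counts: shows which certificate rules the install depends on.
$results | Group-Object Signer | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Files to review: signature not valid, or signed by a certificate not listed above.
$results | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -eq 'other certificate' } |
    Format-Table Status, Signer, Thumbprint, Path -AutoSize
```

A mixed result is expected on a .NET 6 install, since the announcement states that repackaged assets from earlier releases keep the existing certificate.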