[~aloraine] - Has the certificate been uploaded ?

We need a "pfx" file that combines the certificates from the signing authority (DigiCert) and the private key that was created when we made the CSR (certificate signing request) given to DigiCert.
DigiCert gave me a "p7b" file that contains certificates but not the private key.
According to this Web site (https://www.ibm.com/support/knowledgecenter/SSVP8U_9.7.0/com.ibm.drlive.doc/topics/r_extratsslcert.html) we can use openssl to get the private key from the existing pfx file we are using.
Then, we can use openssl again to package the certificates from the p7b file together with the private key from the existing pfx file to make an all-new "pfx" file that can then be used to sign the jar files.
What I would recommend doing is you make an IGB branch where the bitbucket pipelines file retrieves the newly created pfx file from somewhere. You can then test the build.
If the pipeline runs and are you are able to get the installers to build, then get somebody with a windows machine to try to install IGB using the new installer. If it installs without any kind of warning about an "unknown developer" then the "pfx" file is probably OK.
Search Jira for example errors messages that are shown when the code signing certificate being used is expired.

Is there a private key that you have created when you requested for the certificate?

Recover the private key from the current pfx file using openssl as described in the previous comment.

I have created a pfx file from the p7b file uploaded. I uploaded the file in my local repository of IGB and created a branch to use that file for authentication.
Tested on windows and works fine.

Testing Steps -
Install IGB - https://bitbucket.org/noorzahara/integrated-genome-browser-local1/downloads/IGBF-2560.exe on windows machine and check if it installs with no errors

Question:

• It sounds like you got hold of a windows machine and tested the installer. Is that right? Can a Windows user install IGB using the installer containing jars signed using the newly made "pfx" file?

If the new pfx file is indeed able to sign the jar and a user can then install IGB, I will take care of the next step. What I'm planning to do is replace the existing version-controlled "pfx" file with the new one you have made. No changes to IGB repository will be needed.

Yes, I have tested it on a windows machine. I was able to successfully install IGB with no errors.

I have renamed the new "pfx" file to "windows_keystore.pfx" and committed it to this branch:

• https://bitbucket.org/lorainelab/iipc/branch/IGBF-2560

This effectively replaces the existing (soon-to-be-expired) key with the new one made by Noor Zahara.

Noor Zahara - would you please ask a couple of the windows users tomorrow to try to install IGB using installer you created onto their systems?

If that works out OK, then I will merge the branch into the master branch. This will be enough to deploy the new key - no changes to the IGB code base will be needed.

Thank you!

Installed IGB on a windows machine using IGBF-2560 installer and it is working as expected.

Tested on windows machine. Installer ran without warnings. IGB opened as normal.

[~aloraine] - Karthik and Chirag have installed IGB on windows machine with no errors related to the certificate.

Merged PR from branch on iipc to master branch on upstream and updated master on iipc. The new key is now being used to sign jars in IGB main project pipeline.

To test, please confirm that the new master branch windows installers are working fine.