What is Trusted Signing?

Certificate signing can be a challenge for organizations. The process involves getting certificates, securing them, and operationalizing a secure way to integrate certificates into build pipelines.

Trusted Signing is a Microsoft fully managed, end-to-end signing solution that simplifies the certificate signing process and helps partner developers more easily build and distribute applications. Trusted Signing is part of the Microsoft commitment to an open, inclusive, and secure ecosystem.

Features

The Trusted Signing service:

  • Simplifies the signing process through an intuitive experience in Azure.
  • Provides zero-touch certificate lifecycle management inside FIPS 140-2 Level 3 certified HSMs.
  • Integrates with leading developer toolsets.
  • Supports Public Trust, Private Trust, virtualization-based security (VBS) enclave, code integrity (CI) policy, and test signing scenarios.
  • Includes a timestamping service.
  • Offers content-confidential signing. Your file never leaves your endpoint, and you get digest signing that is fast and reliable.

Resource structure

The following figure shows a high-level overview of the Trusted Signing resource structure:

Diagram that shows the Trusted Signing service resource group and certificate profile structure.

You create a resource group in an Azure subscription. Then you create a Trusted Signing account inside the resource group.

A Trusted Signing account contains two resources:

  • Identity validation
  • Certificate profile

You can choose between two types of accounts:

  • Basic SKU
  • Premium SKU