Skip to main content
Signature requests are done through the subcommand code-sign-req, so invocations are generally through fxcli.kmes code-sign-req.
None
 Code Sign Request Management

    Commands:
        list                 Enumerate the existing signing requests
        get                  Fetch info on a signing request
        submit               Submit a new request to sign the given file
        download             Download and apply a signature from a signed request
        approve              Approve a signing request
        deny                 Deny a signing request
        delete               Delete a signing request
The code-sign-req subcommand can manage signing requests. For the actual code signing, the two main commands are submit and download.
None
Usage: code-sign-req submit <Options>

       -h  --help                       Show this message
       -i  --uuid <Value>               UUID of the issuance policy to use to sign with.
       -t  --hash-type <Value>          Type of digest to use.
       -f  --file <Value>               Signable file to hash.
       -n  --name <Value>               Human readable name of the request for viewing
None
Usage: code-sign-req download <Options>

       -h  --help                       Show this message
       -i  --id <Value>                 Identifier recognizing the request to download
       -f  --file <Value>               File to apply authenticode signature to
The output of code-sign-req submit contains a request ID unique to the submitted request. This allows you to submit and monitor many requests in parallel. Example output of code-sign-req submit:
None
result:
    status: success
    statusCode: 0
request:
    id: "4298AD45867D3ABB"
    hashType: "SHA256"
    requestName: "example"
You must use the fxcl-code-sign.sh script to get the request ID. Usage can look like:
Shell
fxcl-code-sign.sh -i 01a8d9a1-bcad-0000-0006-a4392b18305b -t sha256 -f example.exe -n "gitlab codesign example"