We recently purchased an EV Code Signing Certificate from DigiCert to sign our MSI to get around the Windows SmartScreen warning message. The problem is that the Certificate was delivered to a USB Token that does not allow the exporting of the private key. Our build environment is on a hosted VM so there is no way we can plug the USB Token into the host VM.
Does anyone have a solution for using an EV Code Signing Certificate on a hosted VM? Do all Certificate Vendors deliver this type of certificate to a hardware token? How do you code sign an MSI in a virtual environment using this type of Cert?