From ccd1e1048ca4fd10494bfed49e4ea28f86843539 Mon Sep 17 00:00:00 2001
From: edoardo-kolver <88052315+edoardo-kolver@users.noreply.github.com>
Date: Thu, 4 Apr 2024 15:42:20 -0700
Subject: [PATCH] clarified instructions for certificates stored in hardware

The documentation says to export the certificate, but this introduces errors when the certificate is stored in a hardware token. You just need to specify the certificate fingerprint, no need to export. See issue https://github.com/dotnet/runtime/issues/100414
---
 docs/create-packages/Sign-a-Package.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/create-packages/Sign-a-Package.md b/docs/create-packages/Sign-a-Package.md
index fffc365a1..981527989 100644
--- a/docs/create-packages/Sign-a-Package.md
+++ b/docs/create-packages/Sign-a-Package.md
@@ -28,6 +28,8 @@ You can use self-issued certificates for testing purposes. However, packages sig
 
 ## Export the certificate file
 
+* If your certificate is stored in a hardware token, you don't need to export the certificate. Instead, specify the SHA-1 certificate fingerprint (thumbprint) by using the option `--certificate-fingerprint <SHA-1fingerprint>` (replacing `--certificate-path <PathToTheCertificate>`)
+
 * You can export an existing certificate to a binary DER format by using the Certificate Export Wizard.
 
   ![Certificate Export Wizard](../reference/media/CertificateExportWizard.png)