Comment 10 for bug 1517823

> Conservancy may already have a certificate that we can share and we may not need to purchase a new one, but we should check with the certificate authority that is permissible under their rules.

Sharing a private key isn't a great idea from a build security perspective. I'd prefer our build signing keys be highly restricted to those who truly need access (i.e. to install them on a builder VM).