PDA

View Full Version : Comodo - Purchasing several signatures from the same computer



NewsArchive
03-31-2009, 02:12 AM
Hello all,

here another Comodo-question ;-)

I have one signature from them already, licensed to my company (which is
me as a person, so the name displayed inside the signature is my name).

In the meantime I have founded a new company (LLC) which has another name.
Because the name is different I tend to purchase new signature, bearing
the new name. You will understand that I want to avoid being made
responsible as a single person for what the company has to be accounted
for.

From what I read about purchasing the signature is that it must be a
non-Vista-machine and has to be the same machine where you install the
..pvk and .spc from where you ordered.

My question now: can I order a second, a different signature from the same
machine and maintain different projects with its own dedicated signature?

Or am I thinking too complicated here?

Thanks
Wolfgang




--
Grüße / Regards
Wolfgang Orth

http://www.odata.de



Erstellt mit Operas revolutionärem E-Mail-Modul: http://www.opera.com/mail/

NewsArchive
03-31-2009, 02:14 AM
> Hello all,
>
> here another Comodo-question ;-)
>
> I have one signature from them already, licensed to my company (which is
> me as a person, so the name displayed inside the signature is my name).
>
> In the meantime I have founded a new company (LLC) which has another name.
> Because the name is different I tend to purchase new signature, bearing
> the new name. You will understand that I want to avoid being made
> responsible as a single person for what the company has to be accounted
> for.

Wolfgang,

The files you receive - pvk and .spc are moveable to other folders to be
referenced from those folders for SB code signing.

When you start the ORDER process, you need to use the SAME computer, from
start until those files (FOR the NEW digital signature) appear on the
computer on which you began the order process.

That said, you could use ANOTHER computer than the one you used previously,
but that is not necessary either.

If I recall correctly, those important files, pvk and .spc, are installed
to the C: Root so make sure your previous digital signature - pvk and .spc
are not still located there.

bottom line, once you receive the new digital signatue - keep both sets
(pvk and .spc) in different PC folders, and use the SB prompts to refer to
those locations if you use the SB program to digitally sign your EXEs (and
also for the Install program digital signature as well).

Unless, things have changed - start your order process on a computer with
XP OS (or even works with W2K, I believe) with Internet Explorer installed
for best results in ordering process.

I believe some have reported even using an XP Virtual Machine to order.

Others can chime in, if any of this is misleading or not technically
correct.

David

--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
Profile Exchanges - www.encouragersoftware.com/profile/
http://www.profileexchanges.com/blog/

NewsArchive
03-31-2009, 02:15 AM
Correct, but doesn't address his question as I read it.

In that you need to use the SAME computer to retrieve the certificate
(meaning something is presumably stashed in the registry), I think he's
asking whether there may be some residue that would interfere with using
that same computer to purchase a different certificate.

My assumption would be NO. But as I haven't actually tried it, I couldn't
say for sure.

Jane

NewsArchive
03-31-2009, 02:16 AM
> Correct, but doesn't address his question as I read it.
>
> In that you need to use the SAME computer to retrieve the certificate
> (meaning something is presumably stashed in the registry), I think he's
> asking whether there may be some residue that would interfere with using
> that same computer to purchase a different certificate.
>
> My assumption would be NO. But as I haven't actually tried it, I couldn't
> say for sure.

Jane,

I can understand your hedging on this answer, because you don't have
practical experience with it.

Clarion Magazine - Subscription required

http://www.clarionmag.com/cmag/v8/v8n11signing2.html

Key details - 5. Where do you wish to store your private key?

Isn't this the reason - we choose the option to store

In the file: C:\mykey.pvk

to the computer's root folder (same computer the order was initiated)

so then we can easily copy and transfer the created mykey.pvk and mykey.spc
files to use on other computers - other folder locations?

Isn't the OTHER storage option - In the CSP - a registry entry, and
therefore could only be used on that single computer?

That would BE the problem, wouldn't it, if someone used that storage
technique, and using the same computer would overwrite that registry entry

- BUT, of course, hopefully, ANYONE who orders a digital signature uses

In the file: C:\mykey.pvk storage option.

(of course, I make reference to your excellent CMag article, however, the
details I provide in this reply are publicly published in a number of
places)

David

--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
Profile Exchanges - www.encouragersoftware.com/profile/
http://www.profileexchanges.com/blog/

NewsArchive
04-01-2009, 01:18 AM
Yes, I've read the article, David <g>

But as my latest article on purchasing a certificate
(http://www.clarionmag.com/cmag/v11/v11n01certificate.html) describes, I got
bitten during the purchase process last year because my XP machine that I'd
used to submit my information crashed before I collected the signed
certificate.

IOW, before I had both files in my hot little hands, something important was
(temporarily) stored on the machine I was using for the purchase.

It's that interim period that I think Wolfgang is asking about. Once the
file has been collected, no worries.

Jane

NewsArchive
04-01-2009, 01:19 AM
> Yes, I've read the article, David <g>
>
> But as my latest article on purchasing a certificate
> (http://www.clarionmag.com/cmag/v11/v11n01certificate.html) describes, I got
> bitten during the purchase process last year because my XP machine that I'd
> used to submit my information crashed before I collected the signed
> certificate.

Jane,

AND THAT is why it's important to have a GREAT (Comodo) support system in
place - I too made mistakes, ended up actually using another computer with
W2K PRO,

but Support allowed me to go through the process again (using, of course,
the initial account information that verified my company as legitimate),
and finally the whole important - two critical saved files.

David

--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
Profile Exchanges - www.encouragersoftware.com/profile/
http://www.profileexchanges.com/blog/

NewsArchive
04-01-2009, 01:20 AM
Hello david,

as Jane stated, that there might be something behind the curtain.

I did not think of an entry in the registry, I suspected that at the begin
of the process Comodo makes a sort of "fingerprint" of the computer to
compare against at the end-

Not that I am paranoid, just want to avoid pot-holes!

But I read that it seems to be a problem to order a new DigSig with the
same mail-address:

http://forums.comodo.com/digital_certificates_encryption_and_digital_signin g/need_a_new_certificate_issued_to_an_existing_email _account-t34116.0.html

I am in the progress of research and send some requests to Comodo, will
report about it when I got some material.

bye
Wolfgang

NewsArchive
04-01-2009, 01:21 AM
> Hello david,
>
> as Jane stated, that there might be something behind the curtain.
>
> I did not think of an entry in the registry, I suspected that at the begin
> of the process Comodo makes a sort of "fingerprint" of the computer to
> compare against at the end-
>
> Not that I am paranoid, just want to avoid pot-holes!

Wolfgang,

Thanks for the heads up on "another possible snag" in the process, however,
I will say this - when I went through the process - I made some of the
classic mistakes - Vista with FF - but fortunately, Comodo support
patiently helped through to the two critical files - SAVED to my HD.

David

--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
Profile Exchanges - www.encouragersoftware.com/profile/
http://www.profileexchanges.com/blog/

NewsArchive
04-02-2009, 01:30 AM
> I will say this - when I went through the process - I made some of the
> classic mistakes - Vista with FF - ......

On their Knowledgebase Comodo itself says that it it possibble with any
browser - since June 2007 - but...

.... and then a description follows how to act when having ordered with FF.
(IOW how to fix your FF-mistake <eg>)

At least codesigning with Comodo is a good reason to have the IE sticking
somewhere <g>


What I do in the moment is to get some founded information about how to
order a (new) certificate and - most important for me - how to make sure
to get the desired issuer name into the certificate.

My first one contains my personal name. I was very disappointed about that
because I expected my companys name in there. But there is no chance to
modify it anymore after the purchase. :-(

Now I am in contact with Comodos support to learn how to make that sure -
unfortunately support folks tend to answer to the first question of a mail
only, the rest gets ignored.

Too bad that this friendly person at Comodo did not even understand my
first question. Okay, might be my fault.

I will report about this topic (getting the desired name into the DigSig)
as soon as I got the response from Comodo.




--
Grüße / Regards
Wolfgang Orth

http://www.odata.de



Erstellt mit Operas revolutionärem E-Mail-Modul: http://www.opera.com/mail/

NewsArchive
04-02-2009, 01:31 AM
>> I will say this - when I went through the process - I made some of the
>> classic mistakes - Vista with FF - ......
>
> On their Knowledgebase Comodo itself says that it it possibble with any
> browser - since June 2007 - but...

Wolfgang,

July 17 2007 - that is my start date - 3 year cert - so don't believe
everything you read on web sites. :-D

>
> .... and then a description follows how to act when having ordered with FF.
> (IOW how to fix your FF-mistake <eg>)

Exactly! :-D

>
> At least codesigning with Comodo is a good reason to have the IE sticking
> somewhere <g>

what is a windows OS without SOME version of IE hanging around?!

>
>
> What I do in the moment is to get some founded information about how to
> order a (new) certificate and - most important for me - how to make sure
> to get the desired issuer name into the certificate.
>
> My first one contains my personal name. I was very disappointed about that
> because I expected my companys name in there. But there is no chance to
> modify it anymore after the purchase. :-(
>
> Now I am in contact with Comodos support to learn how to make that sure -
> unfortunately support folks tend to answer to the first question of a mail
> only, the rest gets ignored.
>
> Too bad that this friendly person at Comodo did not even understand my
> first question. Okay, might be my fault.
>
> I will report about this topic (getting the desired name into the DigSig)
> as soon as I got the response from Comodo.

How it goes MUCH better this time!

One thing for sure - the PRICE is fantastic through:

Product Description - Comodo Code Signing Certificate, MFG - Comodo
Internet Link - http://www.lindersoft.com/order_codesigning.htm

David

--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
Profile Exchanges - www.encouragersoftware.com/profile/
http://www.profileexchanges.com/blog/