Code signing - time stamp url.



NewsArchive
01-31-2011, 12:49 AM
Hi Friedrich,

A couple of weeks ago I was building a final release for a client which
includes code signing about 15 dlls and executables. I do that in a single
SB script that I call from BA so that I can codesign without doing a full
build. To my surprise the build failed on the code signing.

After some investigation I found that the comodoca.com which I had used on
all the code signing statements was unavailable for whatever reason. So I
had to change all the code signing statements to use the verisign.com
timestamp server.

Would it be possible to have an alternative? I.e. be able to pick the
comodoca.com one as primary and the verisign.com one as secondary, so that
if one fails SB will automatically try the other one?

Best regards,

--
Arnór Baldvinsson - Icetips Alta LLC
Port Angeles, Washington
www.icetips.com - www.buildautomator.com - www.altawebworks.com
Icetips product subscriptions at http://www.icetips.com/subscribe.php

NewsArchive
01-31-2011, 12:50 AM
I've noticed that happens from time to time. That would be cool to have a backup
timestamp server.

And if both fail, then I expect to see "She's sucking mud again, Scotty! Reboot
the router!"

<bg>

--
Russell B. Eggen
www.radfusion.com
Clarion developers: www.radfusion.com/devs.htm

NewsArchive
01-31-2011, 12:51 AM
Hi Arnór,

> A couple of weeks ago I was building a final release for a client which
> includes code signing about 15 dlls and executables. I do that in a
> single SB script that I call from BA so that I can codesign without
> doing a full build. To my surprise the build failed on the code
> signing.
>
> After some investigation I found that the comodoca.com which I had
> used on all the code signing statements was unavailable for whatever
> reason. So I had to change all the code signing statements to use
> the verisign.com timestamp server.
>
> Would it be possible to have an alternative? I.e. be able to pick
> the comodoca.com one as primary and the verisign.com one as secondary,
> so that if one fails SB will automatically try the other one?

The problem is that there are a couple of reasons for the code-signing
process not to succeed. And in most cases, a failed code-signing process is
NOT caused by the timestamp server.

Unfortunately, it's not possible to detect a timestamp issue. In fact, the
Comodo or VeriSign "timestamp links" themselves are never down (there are
several backup servers). So you cannot simply use "ping" to check if it is
working. But of course, it's possible that the timestamp server does not
"work" as expected.

What you can do is the following: create a [TIMESTAMPSERVER] compiler
variable and set the value to your standard timestamp server. Then use this
compiler variable in all your code-signing properties. This method lets you
switch to another timestamp server in a blink of an eye <g>. You can even
pass the compiler variable value over from BA to automate this process.

Friedrich
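
One way to get the primary/secondary behaviour requested in this thread, as an added example that is not from the thread or from SetupBuilder: sign without a timestamp first, then timestamp as a separate step, so a failure can be attributed to the right stage. It assumes Microsoft's signtool is on PATH and picks the certificate automatically; the server URLs and the function names are placeholders chosen for the example.

```python
import subprocess

# Placeholder URLs (assumption): substitute your CA's real RFC 3161 endpoints.
TIMESTAMP_SERVERS = [
    "http://timestamp.primary.example/rfc3161",
    "http://timestamp.secondary.example/rfc3161",
]


def _run(cmd):
    """Run a command and return its exit code (0 means success)."""
    return subprocess.run(cmd, capture_output=True).returncode


def sign_and_timestamp(path, servers=TIMESTAMP_SERVERS, run=_run, attempts=2):
    """Sign `path`, then timestamp it, trying each server in order.

    Returns the URL of the server that worked. Raises RuntimeError naming
    the stage that failed, so a certificate or file problem is never
    mistaken for a timestamp-server outage.
    """
    # Stage 1: sign with no timestamp. A failure here is local
    # (certificate, private key, locked or missing file).
    if run(["signtool", "sign", "/a", "/fd", "SHA256", path]) != 0:
        raise RuntimeError(f"signing failed for {path} (not a timestamp issue)")

    # Stage 2: timestamp the existing signature. A failure here points at
    # the timestamp server, so retry and then fall back to the next one.
    for url in servers:
        for _ in range(attempts):
            cmd = ["signtool", "timestamp", "/tr", url, "/td", "SHA256", path]
            if run(cmd) == 0:
                return url

    # Fail the build rather than ship: an untimestamped signature stops
    # validating once the signing certificate expires.
    raise RuntimeError(f"all timestamp servers failed for {path}")
```
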

NewsArchive
01-31-2011, 12:52 AM
Hi Friedrich,

> What you can do is the following: create a [TIMESTAMPSERVER] compiler
> variable and set the value to your standard timestamp server. Then use
> this compiler variable in all your code-signing properties. This method
> lets you switch to another timestamp server in a blink of an eye <g>. You
> can even pass the compiler variable value over from BA to automate this
> process.

That's an excellent idea! I don't have any other project that code signs
this many files so I'm definitely going to implement a compiler variable for
this.

Best regards,

--
Arnor Baldvinsson - Icetips Alta LLC
Port Angeles, Washington
www.icetips.com - www.buildautomator.com