PDA

View Full Version : Reminder: Check your Code-Signing Certificate Expiry Date! (February 01, 2012)



NewsArchive
02-01-2012, 08:27 AM
All,

It's time for another Comodo reminder. Today alone, we have received 11
support requests because code-signing certificates expired.

Please note that Comodo does not send renewal reminders!

Is your code-signing certificate due to expire? I would strongly suggest to
check this now! It is important that you buy your new certificate before
the expiry date. Once the certificate expired, you are unable to code-sign
your applications and/or installations! Setting back your PC clock does not
help!

Example: http://www.lindersoft.com/forums/showthread.php?t=22891

There is not really a "renewal" process for code-signing certificates if you
have purchased a certificate in the past. You always have to request a new
one and go thru the entire process again. Place a new order using the same
company information and Comodo should speed up the validation process.
Always quote your previous Comodo order number in any correspondence with
them.

To avoid having to resign software every time your certificate expires, use
the timestamping service. When you sign code, a hash of your code will be
sent to Certification authority to be timestamped. This means that you will
not need to worry about re-signing code when your Digital ID expires.
Microsoft Authenticode allows you to timestamp your signed code so that
signatures will not expire when your certificate does.

As a service to our customers, we have partnered with Comodo, Inc., a
leading WebTrust Compliant Certification Authority, to offer Comodo's range
of Code Signing Certificates and Public Key Infrastructure (PKI) based
Secure Sockets Layer (SSL) certificates to qualified Lindersoft customers.
If your Verisign or Thawte certificate is due to expire soon, Lindersoft
customers can switch to a 3-Year Comodo certificate for just $200 instead of
$500.

Do the math: a Verisign Code Signing Digital ID costs $499 for 1 year, $895
for 2 years and $1,295 for 3 years. A Thawte Code Signing Digital ID costs
$299 for 1 year and $549 for 2 years. A Go Daddy Code Signing Certificate
costs $199.99 for 1 year, $359.98 for 2 years and $509.97 for 3 years.

http://www.lindersoft.com/products_security_services.htm

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows 7 installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

NewsArchive
02-02-2012, 01:30 AM
Friedrich
I will go on their website, but is it possible to renew for multiple 2 year
extensions?
Say 6 years?

--
Dan Scott
C55 - C6.3 Legacy
Garage Partner Pro / Invoice Partner
www.garagepartner.com
Plan A is always more effective when the device you are working on
understands that Plan B involves a larger hammer

NewsArchive
02-02-2012, 01:31 AM
Hi Friedrich -

How far before expiration would you recommend getting this done? Does
it hurt to do it a month early? Our 3-year was purchased in Nov 2009.

Thanks

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
This post may self-destruct at any moment

NewsArchive
02-02-2012, 01:31 AM
Jeff,

> How far before expiration would you recommend getting this done? Does
> it hurt to do it a month early? Our 3-year was purchased in Nov 2009.

I started mine about a week ahead and that was sufficient. I can relax
for about 3 years now.

Note: Friedrich, remind me in about 35 months, ok?!<g>

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Enhanced Reporting: http://CreativeReporting.com


Product Release & Update Notices
http://twitter.com/DeveloperPLUS

NewsArchive
02-02-2012, 01:32 AM
Good question. I've got until May (I think <g>)

Russell B. Eggen
www.radfusion.com

NewsArchive
02-02-2012, 05:17 AM
Hi Dan,

> I will go on their website, but is it possible to renew for multiple 2
> year extensions?
> Say 6 years?

Unfortunately, this is not possible. The Comodo special only allows to
order a 1 year, 2 years or 3 years certificate. The 3 years special for
$200 is the best buy option.

Friedrich

NewsArchive
02-02-2012, 05:17 AM
Hi Jeff,

> How far before expiration would you recommend getting this done? Does
> it hurt to do it a month early? Our 3-year was purchased in Nov 2009.

I think one week should be enough. In most cases, it takes 36-48 hours to
receive a new certificate. Some developers even received it in under 12
hours.

Our previous certificate was valid until 9/10/2010. I requested a new one
on 9/3/2010 and received it on 9/6/2010. But I missed one of their calls on
9/4/2010 (8 hours after my order) so the delay was not their fault.

Friedrich

NewsArchive
02-03-2012, 01:58 AM
That already happened to me late last year.. it expired... no warning, until
I tried to make an install... oops. Hey, sounds like a job for
setupbuilder.. if it sees the expiration date is < 3 months, it gives a
compiler warning.. big screen, flashing lights, lasers :)

Ray
VMT

NewsArchive
02-04-2012, 04:11 AM
Hi Ray,

> That already happened to me late last year.. it expired... no warning,
> until I tried to make an install... oops. Hey, sounds like a job for
> setupbuilder.. if it sees the expiration date is < 3 months, it gives a
> compiler warning.. big screen, flashing lights, lasers :)

Hmmmm, very interesting idea!!!!!! :)

Friedrich

NewsArchive
02-10-2012, 10:07 AM
Ray,

> That already happened to me late last year.. it expired... no warning,
> until I tried to make an install... oops. Hey, sounds like a job for
> setupbuilder.. if it sees the expiration date is < 3 months, it gives
> a compiler warning.. big screen, flashing lights, lasers :)

This was a bit tricky, but works fine now. The compiler displays the code
signing expiration date in SetupBuilder 7.7. And if the expiration date is
< 45 days, it gives a compiler warning (see attached screenshot).

Very good idea. Thank you again for your suggestion!

Friedrich

NewsArchive
02-10-2012, 10:08 AM
Fortunately, our own code signing certificate is still valid for 574 days.
Good to know :-)

Friedrich

NewsArchive
02-11-2012, 07:43 AM
SWEET

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
This post may self-destruct at any moment

NewsArchive
02-11-2012, 07:44 AM
Friedrich is... AMAZING! <g>

Mike Hanson
www.boxsoft.net

NewsArchive
02-11-2012, 07:44 AM
ah! mein got IF ONLY ......

YOU are THE best Fredrich (as usual)

Thanks a LOT

--
JP
__________________________________________________ _____

For those who do not understand ... : "Qui bene amat bene castigat."
__________________________________________________ _____

DMC - Data Management Center : a tool to let you Migrate Import Export
Transfer your Data
www.dmc-fr.com

NewsArchive
02-15-2012, 01:45 AM
Wow! Glad it worked out.. in 2 1/2 years.. when my memory is even worse,
this is going to be a welcome reminder.

Thanks!

Ray
VMT

NewsArchive
05-31-2012, 06:33 AM
Hi Friedrich,

I am using the latest version of SB (7.7.3648.0).
My codesign certificate expires on 2 July 2012, but I don't get a
warning and SB does not show any days left.

I use signtool.exe to codesign.

Any idea?

Best regards,
Jeffrey

NewsArchive
05-31-2012, 01:41 PM
Jeffrey,

> I am using the latest version of SB (7.7.3648.0).
> My codesign certificate expires on 2 July 2012, but I don't get a
> warning and SB does not show any days left.
>
> I use signtool.exe to codesign.
>
> Any idea?

If you have the uninstall option enabled and you code-sign your setup with a
key that is part of Microsoft's chain of trust (e.g. Comodo) then you should
see something like the following (see screenshot).

Friedrich

NewsArchive
05-31-2012, 01:43 PM
Hi Friedrich,

I don't use the uninstall option because that is not suitable in our
situation.
I use a Comodo "3 years" certificate, which expires on 2 July 2012.

Please see the attached screenshot which shows my settings in SB to
codesign.

Best regards,
Jeffrey

NewsArchive
05-31-2012, 01:43 PM
Hi Jeffrey,

> I don't use the uninstall option because that is not suitable in our
> situation.

Yes, in this case the compiler can't verify the code-signing certificate
data and it is the expected behavior that you do not see an expiration date
(warning). From the technical point-of-view, the compiler can only retrieve
certificate specific information when it generates the uninstall data
stream.

Friedrich

NewsArchive
05-31-2012, 01:44 PM
Hi Friedrich,

Ok, clear.
Thanks, no problem.

Best regards,
Jeffrey