View Full Version : how to move comodo certificate



NewsArchive
09-09-2014, 08:25 AM
How do I move the Comodo certificate from Windows 7 to Windows 8?

Thanks Gary

NewsArchive
09-09-2014, 08:25 AM
Gary,

>
> How do I move the Comodo certificate from Windows 7 to Windows 8?
>

Just copy the .pfx (or the .spc/.pvk) from one machine to another.

Friedrich

NewsArchive
09-11-2014, 12:02 AM
Thanks

Gary Hoffman

NewsArchive
09-11-2014, 12:02 AM
So I think I have moved all files. But I am getting this error.
Processing digital certificate to uninstall
Signcode
compiler warning gen1061 File not found
compiler warning gen1061 File not found
compiler error gen1053 code signing signing process failed. error code -1

I guess I am missing signcode. Where does that come from?

Thanks
Gary

NewsArchive
09-11-2014, 01:23 AM
Gary,

> So I think I have moved all files. But I am getting this error.
> Processing digital certificate to uninstall
> Signcode
> compiler warning gen1061 File not found
> compiler warning gen1061 File not found
> compiler error gen1053 code signing signing process failed. error code -1

I think you are trying to use a .PFX to code-sign, but you forgot to switch
from SignCode.exe (for .spc/.pvk signing) to SignTool.exe (for .pfx
signing).

In your IDE -> Tools | Options... | File Locations tab.

Friedrich

NewsArchive
09-12-2014, 01:22 AM
Thanks. This was fairly simple. The only problem seems to be we don't
work with this very often.

Gary Hoffman

NewsArchive
09-12-2014, 01:22 AM
Gary,

> Thanks. This was fairly simple. The only problem seems to be we don't
> work with this very often.

Yes, I agree. I'll add a note to the compiler error message if SignCode.exe
is still enabled and both .spc/.pvk locations are empty.

Thanks,
Friedrich

NewsArchive
12-13-2014, 06:26 AM
I just moved to a new machine and am getting the same error. I followed
the instructions below and nothing changes.

What am I missing?

Thanks,

Bob

NewsArchive
12-13-2014, 06:26 AM
Were you using signcode (with the two files it requires) on your old
machine, or signtool with a .PFX ?

If signtool, have you installed that on your new machine? (Remember that
Friedrich can't provide that - you need to download it from Microsoft.)

jf

NewsArchive
12-13-2014, 08:25 AM
Signtool is on the new machine. I just ran it from the command line and
didn't get any error.

Any other idea or ideas?

I'm stumped as the setup seems the same.

Thanks,

Bob

NewsArchive
12-13-2014, 08:33 AM
Bob,

Exactly what Jane said.

Just post a screenshot from the error code and we can tell you what you are
doing wrong.

Friedrich

NewsArchive
12-13-2014, 11:15 AM
Friedrich,

Attached is an image displaying the error I'm getting.

Thanks,

Bob

NewsArchive
12-13-2014, 11:16 AM
Friedrich and Jane,

Just checked your forum and found the answer. I was missing the
capicom.dll. Codesigning now works.

Thanks,

Bob

NewsArchive
12-14-2014, 08:58 AM
> Just checked your forum and found the answer. I was missing the
> capicom.dll. Codesigning now works.

Thanks for the update, Bob!

Friedrich

NewsArchive
12-28-2014, 10:18 AM
> Friedrich and Jane,
For some reason, the problem with Codesigning has returned...

Please look at the attached image and let me know what I did wrong this time.

Thanks,

Bob

NewsArchive
12-28-2014, 10:19 AM
Bob,

> For some reason, the problem with Codesigning has returned...
>
> Please look at the attached image and let me know what I did wrong
> this time.

Make sure that...

1.) ...you are using a valid (not expired) code-signing certificate.

2.) ...you are using the correct configuration settings (e.g. password).

3.) ...your protection software does not block your code-signing tool
(signtool.exe).

4.) ...your protection software does not block access to the timestamp
server (if you are using time-stamping).

5.) ..."something" did not remove or unregister your capicom.dll.

Friedrich

NewsArchive
12-28-2014, 10:20 AM
BTW, you can check the CAPICOM thing by using signtool.exe from the command
line (see attached screenshot). To see if your protection software blocks
access to the timestamp server, temporarily disable timestamping (or switch
to another timestamp server). And to be on the super safe side, add your
signtool.exe to the protection software "exclusion list".

Friedrich

NewsArchive
12-28-2014, 10:20 AM
1) The code-signing certificate was issued this year in July.
2) The password has not changed and is correct
3 & 4) I see no evidence that either signtool or the timestamp server is
blocked.

5) I uninstalled and reinstalled capicom.dll

How do I run signtool from the command line? I tried what is shown on
the Microsoft website but it ran and went to the prompt without
displaying anything.

Thanks,

Bob

NewsArchive
12-28-2014, 10:21 AM
in case - I use signtool from within setup builder script and all
errors are logged and shown - so is success :)

try that maybe in any stub installer ?

#code-sign application "D:\Apps\DmcV4\dmc.exe" ["Data Management Center"] [Permanent]

after adding signtool and certificate and password to the project ?

--
JP
__________________________________________________ _____

For those who do not understand ... : "Qui bene amat bene castigat."
__________________________________________________ _____

DMC - Data Management Center : a tool to let you Migrate Import Export
Transfer your Data
www.dmc-fr.com

NewsArchive
12-29-2014, 02:58 AM
Don't run this from the RUN box in Windows, or the window will close as soon
as it's finished and you won't be able to see any messages.

First open a command prompt (DOS) window.

From the command line, you can try signing a file like this (simple signing,
no timestamp server or file description):

signtool sign /f c:\folder\MyPfxFile.pfx /p MyPfxPassword /v c:\MyFolder\FileToBeSigned.exe

Jane Fleming

NewsArchive
12-29-2014, 02:59 AM
This is VERY interesting. The command line version works, but when I run
SetupBuilder I get an error 1 and the app is not CodeSigned.

Obviously, I'm doing something wrong but I don't know what.

Any clue?

Thanks,

Bob

NewsArchive
12-29-2014, 02:59 AM
check the sb options are pointing to the good folder and has the good
password etc ?
obviously something wrong there if the command line works

menu projects-settings "digital signature" tab
menu tools-options "file locations" tab
here I enter NO credential file and NO private key - ONLY the signcode
exe and signtool exe path is filled in

--
JP

NewsArchive
12-29-2014, 05:41 AM
Bob,

> How do I run signtool from the command line? I tried what is shown
> on the Microsoft website but it ran and went to the prompt without
> displaying anything.

The following command line (see message box in the screenshot) is used to
code-sign files.

Friedrich

NewsArchive
12-29-2014, 11:19 AM
Friedrich,

> The following command line (see message box in the screenshot) is used to
> code-sign files.

The problem is obvious to me... it's that blurry red stuff!

Lee White

NewsArchive
12-29-2014, 11:20 AM
ROFL

J André Labuschagné

NewsArchive
12-29-2014, 11:20 AM
Lee,

>> The following command line (see message box in the screenshot) is used
>> to code-sign files.
>
> The problem is obvious to me... it's that blurry red stuff!

Or it is the new timestamp server requirement. Compilers that handle
code-signing should support RFC 3161 compliant (trusted) timestamp servers
now. But not all Microsoft Authenticode signing tools support this (newer)
feature.

The new "SVER" item in the SetupBuilder compiler displays the signtool
version in the SB8.5. I am using signtool.exe version 6.2.9200, and Bob is
using 6.0.6001. So it's very well possible that this version does not
support "RFC 3161".

@Bob: if you temporarily remove timestamping, does it compile fine? If yes,
then it's caused by your signtool.exe version.

Friedrich

NewsArchive
12-29-2014, 11:21 AM
BTW, if it is really caused by the new RFC 3161 compliant (trusted)
timestamp server requirement, then perhaps we need a new compiler switch to
disable this. As far as I can see, older Windows operating systems do not
support RFC 3161 at COMPILE time.

Friedrich

NewsArchive
12-30-2014, 03:33 PM
Running SignTool from the command line I am able to use the timestamp.

I'll keep messing with it and if, or when, I figure it out, I'll let you know.

Thanks.

Bob

NewsArchive
12-30-2014, 03:33 PM
>
> Running SignTool from the command line I am able to use the timestamp.
>

But are you using the /tr command line switch for timestamping or just /t?

IMO, it's caused by the new RFC 3161 compliant feature.

Friedrich

NewsArchive
12-30-2014, 03:33 PM
I'm using /t.

Bob

NewsArchive
12-30-2014, 03:34 PM
Bob,

>
> I'm using /t.
>

Yes, that's exactly what I thought. This is the non-RFC 3161 compliant
timestamp switch. SetupBuilder 8.5 switched to RFC 3161 compliant
timestamping. But your Authenticode signtool.exe does not support it.

But no problem. I have added a new #pragma to disable RFC 3161 timestamp.
If you are interested, please download the following new build:

http://www.lindersoft.com/sb8/sb85_4648_Dev.exe

Then add the CODESIGN_TSTYPE pragma (see attached screenshot) to your script
and it should work fine again.

Does this help?

Friedrich
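
The checklist earlier in the thread (certificate validity, password) and the /t versus /tr mismatch diagnosed above can be checked outside the installer compiler. The script below is an added example, not part of the original posts and not SetupBuilder or Microsoft code; the paths, the timestamp URL and the help-text probe for /tr are assumptions.

```powershell
# Added example. Paths, URL and file names are placeholders, not values from the thread's machines.
param(
    [string]$SignTool = 'C:\Tools\signtool.exe',
    [string]$PfxPath  = 'C:\folder\MyPfxFile.pfx',
    [string]$Target   = 'C:\MyFolder\FileToBeSigned.exe',
    [string]$TsUrl    = 'http://timestamp.example.test'   # placeholder: use your CA's timestamp server
)
$pw = Read-Host 'PFX password' -AsSecureString   # prompt instead of storing it in a script

# Checklist items 1 and 2: the .pfx opens with this password, holds its private key, is in date.
try {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $PfxPath, $pw
} catch {
    throw "Cannot open ${PfxPath}: wrong password or damaged file. $($_.Exception.Message)"
}
$now = Get-Date
if (-not $cert.HasPrivateKey) { throw 'The .pfx contains no private key.' }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity window ($($cert.NotBefore) to $($cert.NotAfter))."
}
# 1.3.6.1.5.5.7.3.3 is the Code Signing enhanced key usage OID.
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' })) {
    throw 'Certificate does not carry the Code Signing enhanced key usage.'
}

# Which timestamp switch does this signtool build offer? Assumption: the help text of
# "signtool sign /?" lists /tr when the build supports RFC 3161 timestamping.
$version = (Get-Item $SignTool).VersionInfo.ProductVersion
$help    = & $SignTool sign /? | Out-String
$tsArgs  = if ($help -match '(?m)^\s*/tr\s') { '/tr', $TsUrl } else { '/t', $TsUrl }
Write-Host "signtool $version, timestamping with $($tsArgs[0])"

# Sign, then confirm the result independently of signtool's exit code.
$plain = (New-Object System.Net.NetworkCredential('', $pw)).Password
& $SignTool sign /f $PfxPath /p $plain @tsArgs /v $Target
$plain = $null
$sig = Get-AuthenticodeSignature -FilePath $Target
"{0}: status={1}, timestamped={2}" -f $Target, $sig.Status, [bool]$sig.TimeStamperCertificate
if ($sig.Status -ne 'Valid') { exit 1 }
```

Passing /p puts the password on the signtool command line, where process auditing can record it; importing the certificate into the user's certificate store and selecting it with signtool's /sha1 option avoids that.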

NewsArchive
12-30-2014, 03:35 PM
and again the "master" solves it all for us !!!
BRAVO et Bonne ANNEE 2015 mon ami!

--
JP

NewsArchive
12-30-2014, 03:36 PM
Friedrich,

The new version of SB and the addition of the #pragmas has solved the
problem.

Thank you, and Happy New Year! Put the drinks on my tab.

Bob