PDA

View Full Version : Still struggling with creating certificate



NewsArchive
10-08-2014, 02:34 AM
See attached
I do have dancert14.pfx, but there is no dancert14.pvk in the folder.
I am sure that is the file it is looking for.
Must have missed a step somewhere
About ready to can code signing.
Any help is appreciated
Dan Scott
Garage Partner Pro/Invoice Partner
www.garagepartner.com

NewsArchive
10-08-2014, 02:34 AM
If you have the dancert14.pfx file, you do not need any dancert14.pvk or
dancert14.spc

Make sure in SB that the fields for the .pvk and .sbc are empty, and use ONLY the one
for the .pfx (which says optional)

Then ensure you are using SignTool.exe to do the signing.

No need for pvk2pfx.exe.

JohnG

NewsArchive
10-08-2014, 02:42 AM
Thanks John, I will give it a go

Dan

NewsArchive
10-08-2014, 02:43 AM
Dan

one more thing... When you export your certificate from your browser, it may end up
with the file extension of .p12 This is a .pfx file, so just change the extn of
the file to .pfx

JohnG

NewsArchive
10-08-2014, 02:44 AM
I did it your way John and now I am getting an error when compiling.
I code sign about 15 files, Commenting out each bad file compile just
results in
another error on the next file.
I do not have ANY Antivirus running because of the problems with
SetupBuilder and antivirus, so
it ain't that.

Dam

NewsArchive
10-08-2014, 02:46 AM
Dan,

> I do not have ANY Antivirus running because of the problems with
> SetupBuilder and antivirus, so
> it ain't that.

Might be that the date stamp server is unavailable or something else.
(see attached image)

Did you change the Tools|Options Certificate Profiles? If you did
you'll need to update each call within your install script by
re-selecting the profile.

Lee White

NewsArchive
10-08-2014, 02:46 AM
Hmmm.. I will have to check that

Dan Scott

NewsArchive
10-08-2014, 02:47 AM
If you are getting multiple failures are you SURE you are entering the
correct password into your script? Not been following this thread but isn't
this a new certificate? Did the password change? I did that once and changed
one character from upper case to lower case but forgot to change it in the
properties.

John Fligg

NewsArchive
10-08-2014, 02:53 AM
John,

> I did that once and changed one character from upper case to
> lower case but forgot to change it in the properties.

Well that was stu... no, wait, did that. Never mind.

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Creative Reporting: http://www.CreativeReporting.com

Product Release & Update Notices
http://twitter.com/DeveloperPLUS

Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"

NewsArchive
10-08-2014, 02:54 AM
Not sure of that at this point either

Dan Scott

NewsArchive
10-08-2014, 02:54 AM
I am entering the password that I created.

Dan Scott

NewsArchive
10-08-2014, 02:55 AM
Do you have a firewall active? (separate from antivirus)

Is the version of SignTool.exe the appropriate one for your current OS?
Where did you get the SignTool.exe?
What OS are you running?
What is the byte size of your Signtool.exe?

John Griffiths

NewsArchive
10-08-2014, 02:56 AM
These are just some signtool.exe files on my Win8.1 PC.

The highlighted one is the one I use.
version is 6.3.9600 .16384
302184 bytes.

John Griffiths

>What is the byte size of your Signtool.exe?

NewsArchive
10-08-2014, 02:57 AM
John

The signtool worked fine for 3 years, until I renewed my certicate

Dan Scott

NewsArchive
10-08-2014, 02:58 AM
Dan,

If I were you, I would create a simple "dummy" setup.exe and let the
compiler code-sign (including timestamp) the setup.exe with your new
certificate. If this process succeeds, you have a valid certificate and a
valid Authenticode code-signing environment -- and you are using incorrect
information in your pre-processor items; e.g. you still point to the old
expired certificate.

But if the simple setup.exe code-signing process also fails then there is
another problem.

Friedrich

NewsArchive
10-08-2014, 02:59 AM
Maybe try running signtool from the command line by itself to see if you get
a more meaningful error.

without using a timestamp server:

signtool sign /f MyPfxName.pfx /p MyPassword /v MyFiletoSign.exe

then with a timestamp server:

signtool sign /f MyPfxName.pfx /p MyPassword /v /t
http://timestamp.verisign.com/scripts/timstamp.dll MyFiletoSign.exe

Jane Fleming

NewsArchive
10-08-2014, 03:00 AM
I will give it a shot Jane

Dan Scott

NewsArchive
10-08-2014, 07:49 AM
Do you suppose the "File not found" error could be that it needs a
full pathname for the .pfx?

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.

NewsArchive
10-08-2014, 08:05 AM
Jeff
Running it all from the same folder

Dan

NewsArchive
10-08-2014, 10:05 AM
Friedrich

Found it !!!!!

I didn't know I would have to go into each individual #Code-Sign Application
and change all the fields.
I thought the one in Tools > Options would globally Change...
So, now I need to change 166 individual #Code-Sign Application items.

Well, glad we figgered it out anyway. I am now going to fear doing this
every 3 years, just because of the work involved.

Dan

NewsArchive
10-08-2014, 10:05 AM
Ok, I get invalid password when manually signing.
Weird thing is that I can sign using signwizard (no Password required)

I exported the PFX file again, with the same password I created previously
Same bad password error.

Am I using the wrong password? was there another one other then the one
created when exporting PFX?

Dan

NewsArchive
10-08-2014, 10:06 AM
Dan,

> Ok, I get invalid password when manually signing.
> Weird thing is that I can sign using signwizard (no Password required)

What happens if you do not use a password in the SB code-signing fields?

Friedrich

NewsArchive
10-08-2014, 10:06 AM
FOUND IT, see reply to Friedrich

Thanks for everyone's help and concern. I appreciate you Guys and Gal

Dan

NewsArchive
10-08-2014, 10:37 AM
At least you know what thread to look at<g>

>
>Well, glad we figgered it out anyway. I am now going to fear doing this
>every 3 years, just because of the work involved.

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.

NewsArchive
10-08-2014, 10:38 AM
Dan,

> Found it !!!!!
>
> I didn't know I would have to go into each individual #Code-Sign
> Application
> and change all the fields.

Yes, that's what I thought:

++ ...and you are using incorrect information in your pre-processor items;
++ e.g. you still point to the old expired certificate...

> I thought the one in Tools > Options would globally Change...
> So, now I need to change 166 individual #Code-Sign Application items.
>
> Well, glad we figgered it out anyway. I am now going to fear doing this
> every 3 years, just because of the work involved.

See attached screenshots. Just use compiler variables and you only have to
change two values for all your 166+ items.

Friedrich

NewsArchive
10-09-2014, 02:33 AM
Dan,

> I didn't know I would have to go into each individual #Code-Sign Application
> and change all the fields.
> I thought the one in Tools > Options would globally Change...

Told ya!<g>
>> Did you change the Tools|Options Certificate Profiles? If you did
>> you'll need to update each call within your install script by
>> re-selecting the profile.


Friedrich gave you the easy way, use variables.

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Creative Reporting: http://www.CreativeReporting.com

Product Release & Update Notices
http://twitter.com/DeveloperPLUS

Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"

NewsArchive
10-09-2014, 02:34 AM
Lee

Still have to change all manually anyway

Dan

NewsArchive
10-09-2014, 02:34 AM
Dan,

> Still have to change all manually anyway

Just yanking your chain!<g>

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Creative Reporting: http://www.CreativeReporting.com

Product Release & Update Notices
http://twitter.com/DeveloperPLUS

Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"

NewsArchive
10-09-2014, 02:35 AM
Dan

You can also use wildcards to sign batches of DLLs if they all start with, say
GP?????.dll

Just put the filename to be signed as GP*.dll and the SB script will sign them
all.

JohnG

>I didn't know I would have to go into each individual #Code-Sign Application
>and change all the fields.

NewsArchive
10-09-2014, 02:35 AM
John

Yes, good Idea <g> Thanks

Dan Scott

NewsArchive
10-09-2014, 11:43 AM
Consider it Yanked

Dan Scott