View Full Version : New code cert
NewsArchive
05-20-2015, 02:16 AM
Friedrich,
Made my own cert and installed it to the personal store. Made the
changes to the code sign file in the project settings and program
options. Getting a compiler error GEN1053: code signing process failed.
Error Code: 1
Any ideas?
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-20-2015, 02:16 AM
"Saved to the personal store"... have you also saved it as a file?
Does your new cert work if you sign something manually with signtool?
Jane Fleming
NewsArchive
05-20-2015, 02:17 AM
SignTool Error: No certificates were found that met all the given criteria.
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-20-2015, 02:17 AM
And you did make the correct type of cert? If you're using Windows server,
there are a number of certificate templates.
Did you create it as a PFX file, or ?
Jane Fleming
NewsArchive
05-20-2015, 02:17 AM
Jane,
> And you did make the correct type of cert?
You KNOW he's certifiable, right?!<g>
Lee White
NewsArchive
05-20-2015, 09:19 AM
Its one of the qualifications to be here! :-)
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-20-2015, 09:19 AM
PFX
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-20-2015, 09:19 AM
I forgot to run my makepfx batch file.
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-20-2015, 09:20 AM
Still getting the error.
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-21-2015, 01:46 AM
The problem was with the import to my stores. I imported the .CER file.
Should have been the .PFX. I can now manually sign code, but SB still
does not recognize this new cert.
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-21-2015, 01:47 AM
Russ,
> The problem was with the import to my stores.
Just curious, why are you creating and using your own cert?
--
Lee White
RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com
Creative Reporting: http://www.CreativeReporting.com
Product Release & Update Notices
http://twitter.com/DeveloperPLUS
Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"
NewsArchive
05-21-2015, 01:47 AM
I got a little pissed when I found out I could create my own and save
the hassle and expense of renewal. Its just as good as Comodo (or any
other vendors). The only difference is I don't need to send money to
anyone.
Now if you are really interested, I can make one for you, and I won't
charge you an arm and a leg! <bg>
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-21-2015, 01:48 AM
Russ,
> I got a little pissed when I found out I could create my own and save
> the hassle and expense of renewal. Its just as good as Comodo (or any
> other vendors). The only difference is I don't need to send money to
> anyone.
I can create certs but they can't be validated unless the user has
already installed the cert locally. Not the same thing as a real live
cert with a known CA backing it up.
--
Lee White
RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com
Creative Reporting: http://www.CreativeReporting.com
Product Release & Update Notices
http://twitter.com/DeveloperPLUS
Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"
NewsArchive
05-21-2015, 01:48 AM
Russ said:
> I got a little pissed when I found out I could create my own and save the
> hassle and expense of renewal. Its just as good as Comodo (or any other
> vendors). The only difference is I don't need to send money to anyone.
>
Oh dear, oh my.
Larry Sand
NewsArchive
05-21-2015, 01:49 AM
Gee whiz, Russ.
Why bother having certs anyway, if any yayhoo can make one and not get
certified by a proper trusted authority?
Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.
Source code is like a joke.
If you have to explain it, then it's not funny.
NewsArchive
05-21-2015, 01:49 AM
I first made my very own certificates with Server 2000 in 2000 or 2001.
Yawn.
That works if you're in an enterprise and import your CA root certificate
into Active Directory so all the domain computers trust it. Which I've done
for a medical group where I contract.
Otherwise, you're going to find it not real helpful for signing stuff that
you're selling.
YMMVAPD.
jf
NewsArchive
05-21-2015, 01:50 AM
Hi Russ,
> Its just as good as Comodo (or any other vendors). The only difference
> is I don't need to send money to anyone.
Unfortunately, it is not <g>.
In fact, such a "self-made" certificate is completely useless if you
distribute your software to a wider public. Yes, you can use it in-house
and/or if you have only a handful of customers, no problem. Then you can
instruct the users to add your certificate to the Trusted Root Certification
Authorities list. But if you have to install to hundreds or even thousands
of machines, such a self-made certificate DOS NOT make any sense at all!
Anybody can create his own digital signature, but (by default) Windows only
"trusts" signatures that have been created by certain third parties
(Microsoft root certificate program members). That is Comodo, VeriSign,
GoDaddy or Thawte.
For example, if I would download one of your application files that is
code-signed with your own self-generated file, it will still report "Unknown
User yada" here. That means it is still treated as an "unsigned file" and
Windows displays scary looking warnings when customers download or run it.
And if the UAC-aware operating system has the "User Account Control: Only
elevate executables that are signed and validated" security policy enabled
(quite a few companies are doing this), then your install can't be used at
all. And on top of this, you can't build a reputation for your certificate
to make it through all these stupid protection software systems.
Not to mention that the developer's support costs will far outweigh the cost
of buying a real certificate. And on top of this all the lost sales from
anyone who downloads a copy of your app to try out and decides to pass on
even looking at it based on the scary warning.
Friedrich
NewsArchive
05-21-2015, 01:50 AM
Found it! The #code_sign function has entries for the cert, pfx, file,
etc. So I need to change each. No biggie, this cert won't expire until
2036 <g>.
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-22-2015, 01:01 AM
Actually, it is the same thing. The main difference is that a vendor
like Comodo will most likely already be in the trusted store. Once you
get the new cert in their store, no problems.
In my case, customers don't care about that.
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-22-2015, 01:03 AM
Russ,
> Actually, it is the same thing. The main difference is that a vendor
> like Comodo will most likely already be in the trusted store. Once you
> get the new cert in their store, no problems.
Just being sure you weren't smoke'n the wrong stuff in that pipe!<g>
--
Lee White
RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com
Creative Reporting: http://www.CreativeReporting.com
Product Release & Update Notices
http://twitter.com/DeveloperPLUS
Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"
NewsArchive
05-22-2015, 01:03 AM
As Friedrich pointed out, if you are selling commercial software, then
it makes sense to get a Comodo cert. If you are doing this only for
custom made software for different clients, then it does not. If you do
a mix, then pay for the cert.
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-22-2015, 01:03 AM
Right now, I don't.
--
Russ Eggen
RADFusion International, LLC
NewsArchive
05-22-2015, 01:04 AM
> this cert won't expire until 2036 <g>.
2036? Cool. VeriSign would charge $9,065 for the same service ;-)
BTW, make sure that you have created a SHA2 certificate. Otherwise, it will
automatically expire in a few months <g>
Friedrich
NewsArchive
05-22-2015, 01:04 AM
Dang it! <g>
Its SHA1 - thanks.
--
Russ Eggen
RADFusion International, LLC
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.