PDA

View Full Version : COMODO - Changing PW every 90 days?



NewsArchive
12-28-2015, 10:11 AM
Hello Friedrich,

these COMODO guys drive me nuts!

When I purchased my Code-Signing Certificate at Comodo, I read in the
Management Console (secure.comodo.net), that my password expires in 90 days.

Because I have had some troubles during the process of purchase (oh, really?)
[yes, but solved timely], I was in contact with those chat-agents. When I
became aware of this 90-day-limit, I asked that recent chat-agent, whether this
changed PW for the access of the COMODO management Console also concerns my
code-signing. In other words, when I change that PW now, the I also have to use
this new PW for code-signing my programs from that very moment own. The
chat-agent said "yes".

Okay, I accepted that, because its a rule by COMODO, still thinking, its a
onetime security event.

So, today I changed my PW at COMODO...... but what I read now is that I have to
change me PW within the next 90 days again!

That raises a couple of question (I am really sorry about that, Friedrich!):

# Does that really concern my code-signing proces within Setupbuilder?

I mean, when changing the PW for the COMODO Management Console, do I have to
change that PW in the SB-script everytime now too?
Well, you may think "Why does that moron not just try...?" and you are right
about that. But, to my defence, I have not yet installed SB, so I am not
code-signing anything at all. I have purchased
all parts (SB, Certificate) ahead, I always plan strategically in advance. My
recent program is still in progress. However, I want to know about the
cobblestone before.

# What happens, if I do _not_ change my PW every 90 days?


Again, thanks in advance!

Wolfgang Orth
www.odata.de

NewsArchive
12-28-2015, 10:12 AM
Hi Wolfgang,

It is not possible to change the password of a code-signing certificate.
The requirement to change the (temporary?) Comodo Management Console
password is not related to your code-signing process. As far as I know, you
can reset an expired (Comodo Management Console) password.

Friedrich

NewsArchive
12-28-2015, 10:13 AM
No idea about the context of your discussion with Comodo, Wolfgang.
But I'm guessing they're referring to the password on their website.
Hopefully, you won't need to look at their website again for 3 years!

When you export your certificate to a PFX file to use signing your stuff,
you'll create a new password for that PFX.
That doesn't need to change until the PFX file expires (in 3 years).
That is the password that you'll enter into SB (for signing the installer
itself and for signing any of your own EXE and DLL files that you're
distributing.)

HTH

jf

NewsArchive
12-28-2015, 10:13 AM
Hi Wolfgang,

> # Does that really concern my code-signing proces within Setupbuilder?
No:)

> I mean, when changing the PW for the COMODO Management Console, do I have to
> change that PW in the SB-script everytime now too?

No, completely unrelated:) The password for the certificate applies
only to that specific certificate and cannot be changed (as far as I
know) without getting a new certificate.

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

NewsArchive
12-28-2015, 11:27 AM
>Hopefully, you won't need to look at their website again for 3 years!

Oh yes, please, yes, yes yes!


>When you export your certificate to a PFX file to use signing your stuff,
>you'll create a new password for that PFX.

Hmmmmmm, I got my certificate as a PFX already.

I see, I need to install the recent incarnation of SB on my machine and
simulate that whole process on a dummy.EXE.

Yeah, tomorrow....

Regards,
Wolfgang Orth
www.odata.de