PDA

View Full Version : Code Signing Certificate Experience



NewsArchive
12-01-2016, 03:10 AM
Hi All

By some miracle and with the help of Jane's excellent notes and
Friedrich's help we now have a certificate.

Two lessons learned.

First, if you have a DUNS record make sure that it agrees to your DNS
record, particularly the phones and address. We have moved offices and
the DUNS record was out of date. That got Comodo thinking we were
rogues from outer space. But that is sorted now.

Second, the email they send to you to initiate an automated call back is
obtuse. Assume that the first link does not work and take the next one
provided - this will definitely give you space to type in your login and
password and code they give you. They say you must type the code into
the email. Wrong. It is into the popup window that works with the
second link.

Oh - and as Friedrich has mentioned in another thread, MS Edge is out of
the running for this exercise.

And now that I have got the damn thing I have no idea what to do with
it. Any notes or pointers?

Cheers
Andre

NewsArchive
12-01-2016, 03:15 AM
>And now that I have got the damn thing I have no idea what to do with
>it. Any notes or pointers?

Easy. Codesign all your generated EXEs and DLLs using SetupBuilder before you try and
distribute any of them.

There are settings within SB to store the CERT and the private key to make things
easier for You.
Then add script items to codesign (after adding any manifests) to the EXEs.
This is usually, for me, anyway, very early on in the SB scripting.

JohnG

NewsArchive
12-01-2016, 04:50 AM
Hi John

No idea how to any of this. Clueless.

Cheers
Andre

NewsArchive
12-01-2016, 04:51 AM
<g> RTFM.

Hopefully you use setupbuilder to generate the SETUP files or UPDATE files for your
clients. In SB, with NO projects open, start by loading your codesigning PK and pwd.

Tools/Options/ codeSigning Tab and fill in the blanks. see screenshot.

That should get the worst of it done. Then add the scripting items to actually do the
Signing. The script will use signtool.exe, that you need to get from MS. And it
needs to be the signtool.exe (be aware that there are many) for your current Window$
version.

wITHIN sb PROJECT, (damn caps lock) go to the "script editor", and add the
"Compiler Directive" #code-sign application ( screencap2.)
That should have your off to the races.

John

NewsArchive
12-01-2016, 04:51 AM
> wITHIN sb PROJECT, (damn caps lock) go to the "script editor", and
> add the "Compiler Directive" #code-sign application ( screencap2.)
> That should have your off to the races.

Perfect, true & 100 percent to-the-point :-)

Thanks John!

Friedrich

NewsArchive
12-01-2016, 04:52 AM
Andre,

>
> No idea how to any of this. Clueless.
>

Here is all you need to handle code-signing :-)

http://www.lindersoft.com/forums/showthread.php?47199

Does this help?

Friedrich

NewsArchive
12-01-2016, 04:52 AM
You can let the SetupBuilder IDE download the signtool.exe from Microsoft
for you.

IDE -> Help | Get Microsoft SignTool

Friedrich

NewsArchive
12-01-2016, 04:53 AM
LOL

You mean the SB manual? I will look at that.

Thanks for the pointers. No doubt more questions to come.

Andre Labuschagne

NewsArchive
12-01-2016, 04:53 AM
Thank you!

Andre Labuschagne

NewsArchive
12-01-2016, 04:54 AM
Thanks!

Andre Labuschagne

NewsArchive
12-02-2016, 02:30 AM
There's also an OLD video I did some years ago.

The third section walks through the basics of code-signing the installer and
a component that you're distributing.
http://www.beachbunnysoftware.com/SBVideo/

jf

NewsArchive
12-02-2016, 02:31 AM
Thanks Jane.

Andre Labuschagne

NewsArchive
12-02-2016, 02:32 AM
Hi Andre,

> Second, the email they send to you to initiate an automated call back is
> obtuse.

In the however many years I have been dealing with this and Comdo,
obtuse is not a strong enough word for how they write emails - but it's
a step in the right direction<g>

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

NewsArchive
12-02-2016, 02:32 AM
Hi Arnor

There you go. At least they have automated the callback. With the
exception of what I listed the verification process was very well
orchestrated. Bit one glitch and the frustration starts piling up.

Cheers
Andre