WTF?

See attached

Dan

Now why would they do that? Damn these dictators.

Andre Labuschagne

Yup, now I can't sell and deliver anything

Dan Scott

>
> Now why would they do that? Damn these dictators.
>

For example, when you request a new certificate as a replacement for an old
one.

Dan's screenshot says "Valid from 9/29/2014 to 9/29/2017". This certificate
from 2014 was not SHA-2 based and so I think Dan requested a free SHA-2
replacement. Comodo issued a SHA-2 based certificate valid from 1/26/2016
to 9/30/2017. The expiration date is nearly identical, so perhaps this NEW
one replaces the OLD one (and Comodo revoked it). It's not possible to
code-sign with revoked certificates.

Friedrich

We have incomplete info, I guess:

1. Did this revocation message happen to an existing .exe that was
already signed with the certificate that was replaced?

or

2. Did he successfully code sign with a revoked certificate that then
showed as revoked in the file properties?

Jeff Slarve
www.jssoftware.com
Twitter free since Jan 11, 2016
I'll search help files & Google for you.

Grammar troll's, are the worse.

Weird thing is, I don’t have UAC on

Dan Scott

AND, it only happens on 1 exe out of 5

Dan Scott

Dan,

> AND, it only happens on 1 exe out of 5

Does it still happen if you re-sign the EXE?

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://archive.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Creative Reporting: http://www.CreativeReporting.com

Product Release & Update Notices
http://twitter.com/DeveloperPLUS

Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"
And, now, Windows 10 brings us "The Inch Worm, Bumper Car of Wait!"

Yup, tried that at least 10 times

Dan Scott

Better contact comodo.

You can download their current certificate revocation list here:
http://crl.comodoca.com/COMODORSACodeSigningCA.crl

Following these instructions
http://www.interfacett.com/blogs/how-to-examine-any-certificate-revocation-list-in-windows-with-certutil/

I dumped it to a text file (attached).
As a first check, I'd look to see if your cert's serial number is on their
list.

More reading:

https://www.comodo.com/repository/Validation-and-Code-Signing-Addendum-to-the-CPS.pdf

https://blogs.msdn.microsoft.com/ieinternals/2011/04/07/understanding-certificate-revocation-checks/

Jane Fleming

That's it for me, no code signing

Dan Scott

Dan,

I think you have requested a NEW certificate from Comodo and as a result,
your OLD one has been revoked.

As far as I can see, your NEW one is still valid. See attached screenshot
from one of your installs.

So IMO, you tried to use your OLD (from 2014 and not SHA-2 based)
certificate here and that causes your problem.

Friedrich