Hello all!

Yes, this time it was tremedously easy to obtain the COMODO certificate.

Until now....

After verification I received an e-mail, here I clicked on the given link and
1-2-3 the certificate was installed in my FireFox. I found some desccription on
YouTube, how to export that thingie from FF and now its stored on my HDD.
However, it has the file extension .P12 and I do not find any hint about this
kind of file type. Janes PDF from 2014 mentions .PFX only and she describes the
process in IE.

So, what do I have to do next?

Is .P12 identical with .PFX?

Do I simply rename it?

https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO26630&actp=LIST&viewlocale=en_US

Regards,
Wolfgang Orth
www.odata.de

Please note:
From time to time it happens, that I overlook a reply to my postings.
Please don't be angry.
In case of an emergency, try to contact me via mail.

Bitte beachten:
Von Zeit zu Zeit passiert es mir, dass ich Antworten auf meine Postings übersehe.
Bitte nicht böse sein.
Im Notfall bitte Kontakt per Mail versuchen.







.

Wolfgang,

You should be able to just copy and rename it.

jf

Jane,

You made me look, damn it!

Now I know I have the pains of renewal next week... I don't wanna!<g>

Lee White

Wolfgang,

yes, just export and rename it to .pfx.

http://www.lindersoft.com/forums/showthread.php?46731-Its-Comodo-time&p=83948#post83948
http://www.lindersoft.com/forums/showthread.php?47537-Comodo-certificate&p=87428#post87428

Friedrich

Okay, .....

First I copied the .p12 to my test-directory.

Renamed .p12 to .pfx.

Added .pfx to my SB-script and compiled - ERROR! Not found...

See 2017-12-21_screenshot_1.PNG

However, the EXE DID get code-signed!

Then I copied the .p12 next to teh .pfx, now SB gave no error!


See ... hmm I can't attach es second screenshot, because my QUOTA has exceeded.... - what?

Oh my, I can't send this message with the fist image also. Man I am miffed!

I will put the screenshot onto the server

http://downloads.odata.de/SetupBuilder/2017-12-21_screenshot_1.PNG
http://downloads.odata.de/SetupBuilder/2017-12-21_screenshot_2.PNG

But, as you can see, the EXE is not only code-signed, its still SHA-1 again!!!!
And I have really really taken care to select SHA-256 during the order
process!!!

Have I made a mistake again? Can I fix it?


One more oddity: I have not seen Janes and your reply until now. Thats why I
respond so late.

And one more: SB 10.0.5710 has the ALT-Key bug. Sorry, mate!

Regards,
Wolfgang Orth
www.odata.de

Please note:
From time to time it happens, that I overlook a reply to my postings.
Please don't be angry.
In case of an emergency, try to contact me via mail.

Bitte beachten:
Von Zeit zu Zeit passiert es mir, dass ich Antworten auf meine Postings übersehe.
Bitte nicht böse sein.
Im Notfall bitte Kontakt per Mail versuchen.

This has nothing to do with code-signing.

In Line 76 you are trying to add a file (Install File action) and this file
does not exist or is locked. It's not the code-signing process that fails
here. Check your Line 76.

And to handle dual SHA-1/SHA-2 or SHA-2, follow the instruction from my
previous message.

http://www.lindersoft.com/forums/showthread.php?47199

Friedrich

I have just chatted with Comodo, they confirmed that the cert is SHA-256RSA

So I made a mistake in SB somewhere.....

Regards,
Wolfgang Orth
www.odata.de

Please note:
From time to time it happens, that I overlook a reply to my postings.
Please don't be angry.
In case of an emergency, try to contact me via mail.

Bitte beachten:
Von Zeit zu Zeit passiert es mir, dass ich Antworten auf meine Postings übersehe.
Bitte nicht böse sein.
Im Notfall bitte Kontakt per Mail versuchen.

>Wolfgang,
>
>yes, just export and rename it to .pfx.
>

So, when I do a simple remaning, it is SHA-1 then.

In Janes Manual from 2014 I see, that she somehow converted the
certificate-file. But hers was a .pfx, because she defined it like that when
exporting from IE. However, mine was a .p12, because I exported from
FireFox.

From my understanding she signed her EXE not with SetupBuilder, but with SignTool.EXE?

From what I recall is, that the delivered SignTool.EXE is not sufficient. We
have to jump through many hoops, by getting a huge SDK from Microsoft and
extracting a tiny part from it, which holds the appropriate version of
SignTool. Is that still true?

Okay, purchase was easy, the stuff comes afterwards.

Regards,
Wolfgang Orth
www.odata.de

Please note:
From time to time it happens, that I overlook a reply to my postings.
Please don't be angry.
In case of an emergency, try to contact me via mail.

Bitte beachten:
Von Zeit zu Zeit passiert es mir, dass ich Antworten auf meine Postings übersehe.
Bitte nicht böse sein.
Im Notfall bitte Kontakt per Mail versuchen.

Wolfgang,

just do this:

http://www.lindersoft.com/forums/showthread.php?47199

You can even let the SetupBuilder IDE download the SignTool.exe for you.

Friedrich

>You can even let the SetupBuilder IDE download the SignTool.exe for you.

But I don't have to, do I?



>http://www.lindersoft.com/forums/showthread.php?47199

After reading this over and over again, I think I got it!

1) I have to modify in der Mainmenu under TOOLS => Option => Digital Certificate

I add my renamed certificate (still need both .p12 and .pfx next to each other, why ever)
AND, important!, choose SHA-2 or whatever!!

2) In the Project Definitions itself I set Digityl Singature to YES and add my
URL and a name.

3) In the Script Logic => Script Editor then I add a line "#code-sign
application ...." from that dialogue.

Now it compiles and teh output is SHA-256!!!!!!!

I LOVE YOU, FRIEDRICH! <dance>

Mann, war das ein scheiß Stress!

Christmas can come now!

Best wishes to the crew over here, especially Jane and Friedrich, but all others too!



Regards,
Wolfgang Orth
www.odata.de

Please note:
From time to time it happens, that I overlook a reply to my postings.
Please don't be angry.
In case of an emergency, try to contact me via mail.

Bitte beachten:
Von Zeit zu Zeit passiert es mir, dass ich Antworten auf meine Postings übersehe.
Bitte nicht böse sein.
Im Notfall bitte Kontakt per Mail versuchen.

Can't setupbuilder use certificate stored in Windows certificate store?
I have GoDaddy cert for code signing and it's imported in windows and
signing goes from there.

Only important thing, you must select personal store, not let it on auto...

Kazendra
--
It ain't the fall that kills you
It's the sudden stop at the bottom.

> Can't setupbuilder use certificate stored in Windows certificate store?
> I have GoDaddy cert for code signing and it's imported in windows and
> signing goes from there.
>
> Only important thing, you must select personal store, not let it on
> auto...

Yes, SetupBuilder can use .pfx or certificates from the certificate store.

Friedrich

Hi Wolfgang,

>>You can even let the SetupBuilder IDE download the SignTool.exe for you.
>
> But I don't have to, do I?

No, you can also use your own SignTool from a SDK download.

>>http://www.lindersoft.com/forums/showthread.php?47199
>
> After reading this over and over again, I think I got it!
>
> 1) I have to modify in der Mainmenu under TOOLS => Option => Digital
> Certificate
>
> I add my renamed certificate (still need both .p12 and .pfx next to each
> other, why ever)
> AND, important!, choose SHA-2 or whatever!!
>
> 2) In the Project Definitions itself I set Digityl Singature to YES and
> add my
> URL and a name.
>
> 3) In the Script Logic => Script Editor then I add a line "#code-sign
> application ...." from that dialogue.
>
> Now it compiles and teh output is SHA-256!!!!!!!
>
> I LOVE YOU, FRIEDRICH! <dance>

<g>

> Mann, war das ein scheiß Stress!
>
> Christmas can come now!
>
> Best wishes to the crew over here, especially Jane and Friedrich, but all
> others too!

:-)

Friedrich