PDA

View Full Version : timestamp.comodoca.com does not work



NewsArchive
03-14-2021, 02:15 AM
All,

timestamp.comodoca.com does not work

what could this be?

Bernd

NewsArchive
03-14-2021, 02:16 AM
Hi Bernd...

http://timestamp.comodoca.com/authenticode
Works fine from here.

Not sure if you have direct control over the server URL, though.
However, I know for a fact that these services, which work through proxies,
have the ability to block IP's and IP ranges.

Cheers...
Gus M. Creces
https://www.cwhandy.ca



Cheers...
Gus

NewsArchive
03-15-2021, 01:06 PM
I have checked it again:

Licence is still active

I have been using the script for years

=> does not work anymore!
has something changed?

---

#pragma CODESIGN_SHA = "12"
#pragma CODESIGN_TSSHA1URL = "http://timestamp.comodoca.com/authenticode"
...

! Code-Sign
#code-sign application ("[SB_PROJECT]\files\ip_zeit.dll") ["ip_zeit.dll"] [Permanent] [Skip]" ["[SB]\bsm\<??>.pfx"]
...

Bernd

NewsArchive
03-15-2021, 01:07 PM
Hi Bernd...
>>>has something changed?
Lots of things have changed. With commodoca and other signing/stamping
authorities.

From what you've said the problem is probably not the commodoca signing URL
at all, but your certificate.

Take a close look at your certificate using CERTMGR.EXE or MMC.EXE.
These are both Microsoft utilities available for the Window 10 environment.

Does your certificate have an expiry date more than 12 months out from the
sign date?

What are the certificate's "Key Usage" settings?
Anything other than Code Signing (1.3.6.1.5.5.7.3.3) may be too broad
purpose and no longer admissible.

Most important of all:
What is the certificates "signature algorithm"?
All variations of SHA1 (for example SHA120) are no longer admissible.
Code Certs should be signed at a minimum SHA256, preferably SHA512


Cheers...
Gus

NewsArchive
03-23-2021, 04:22 AM
Hi Gus,

Thanks for the info.

The certificate expires on 6-JUN-21. The crt file is from 07-JUN-2018.
I entered SHA-256.



Thanks,
Bernd

NewsArchive
03-23-2021, 04:55 AM
Bernd,

> => does not work anymore!
> has something changed?

as far as I can see, you are still using the "old" (pre-2016) signing
method.

Please check:
http://www.lindersoft.com/forums/showthread.php?47199

Comodo timestamping works fine for both SHA-1 and SHA-2 (see attached
screenshots). Please use the "new" Comodo timestamp server.

Does this help?

Friedrich

NewsArchive
03-28-2021, 01:16 PM
Das war sehr hilfreich, Danke

Bernd