Friedrich



As I am trying to get everything together for a product release I broke down
and purchased a security certificate from Comodo. This is without question
one of the most frustrating experiences I have had in some time. The
problem is that before or during the purchase process they do not tell you
what the rules are before you start or the things you have to know before
you get there. After a dozen or more emails to tech support, eight tech
support representatives and over four hours on the phone and having them
reissue the certificate four times, we finally got it working.



There are several absolutes they don't tell you about. I will go over some
of these to help you prevent the problems I went through.



When you go through your application process it asks for company name,
organization or personal name. After the purchase is made (and you can't go
back and change your mind.) it then tells you that you have to provide
corporate documents such as the articles of incorporation, Business
licenses, Tax statements and the like. You have to send more than one form
of business identification to have the process completed and have the
certificate issued. If however you selected to purchase as an individual
you only have to send them a drivers license or a passport to prove who you
are. As I am trying to get this project off the ground I gave them the name
we will be marketing under which at the moment has no paperwork to show its
existence. So I was stuck. After more calls and emails they agreed to
reissue under my name and we were off and running again, or so I think.



I download the certificate and it installs. I then fire off Setup Builder
and go to put in the information... Hmmm Setup Builder is asking for files
and keys I don't have, all I have is the certification file. Back to
Comodo. Tech support tells me I screwed up and did not put in the location
or name for the files. I tell them it never asked. They tell me I am wrong
and ask what browser I am using. I tell them Firefox and they say oh, that's
it, we don't support Firefox, to which I ask why did you not have that on
your web site before I did that. Another reissue using IE 7, with the guy
on the phone we get to the screen and once again there is no place to enter
a file name or path. He tells me I can't be right so I read him the screen.
He asks what OS I am using and I tell him Vista. Ahhh, that's it, we don't
support Vista to download the certificates... (So I ask myself, Self, why am
I buying this thing other than Vista?) Anyways, they inform me that I can't
use Vista to download it, so we start all over again using an XP computer
with IE and sure enough the field is there that I need. I download it and
they can't tell me if I can, or how to export it to the computer I do my
development on. I get it , export it, move it to the development computer
and import it. It finally worked and I have the files I need. Only took 3
days and a bunch of time.



Bottom Line is..

1.. Make sure you have bunches of documentation you can fax to them about
your business or select purchasing a certificate as an individual.
2.. Don't try to download the certificate on anything other than IE and
only on the computer that you used to make the purchase. Comodo does not
support Firefox or any other browser.
3.. Don't try to download it on to a Vista computer because Comodo does
not support Vista downloads for the certificates you are purchasing for use
on Vista.
This could have been made a bunch easier if they published on there web site
up front what you needed to purchase and download the certificates before
you started. I particularly liked the tech support rep that asked me to
hang up and put in another support ticket on the web site because he did not
have a clue and maybe someone who had the solution could answer the ticket.



Once installed it works great but that is only because Setup Builder takes
all the work out of doing the updates and managing the certificate stuff.



What a weekend.

Bob Healy

Bob,

I fear it was one of these days we don't like so much <g>.

Unfortunately, this is with all WebTrust Compliant Certification
Authorities, not just with Comodo. They all follow the *same* rules.

And of course:
http://www.lindersoft.com/forums/showthread.php?t=2232

Comodo is the 2nd largest WebTrust Compliant Certification Authority and
their support is usually excellent. We have to renew our own certificate in
September and I'll let you know how it went.

Friedrich

>Comodo is the 2nd largest WebTrust Compliant Certification Authority and
>their support is usually excellent. We have to renew our own certificate in
>September and I'll let you know how it went.
>
>Friedrich

That will be interesting.

SFAIK Comodo don't to renew certificates so when a certificate times
out you need to start again with a new one. I hope I'm wrong.

Steve

--
Steve Wolstenholme Neural Planner Software Ltd

EasyNN-plus. The easy way to build neural networks.

http://www.easynn.com

Steve;

> That will be interesting.
>
> SFAIK Comodo don't to renew certificates so when a certificate times
> out you need to start again with a new one. I hope I'm wrong.

We purchased our Comodo certificate in September 2003, renewed in September
2004 for one year and then in September 2005 for two years. Now we'll renew
for 3-years so it will be valid until September 2010. Should not cause any
problems :)

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.5
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

I started with a two year certificate and it still has over a year to
run. I'm interested if renewal is just a case of sending Comodo more
money or will I need to jump through all the hoops again?

Can we renew using your service at the low price or do renewals have
to go to directly to Comodo?

Steve


--
Steve Wolstenholme Neural Planner Software Ltd

EasyNN-plus. The easy way to build neural networks.

http://www.easynn.com

Hi Steve,

> I started with a two year certificate and it still has over a year to
> run. I'm interested if renewal is just a case of sending Comodo more
> money or will I need to jump through all the hoops again?

In the past, it was only a process of sending more money (no new identity
verification).

But I noticed that Thawte already changed from an automated to a
re-authentification based process. I don't know if all WebTrust agencies
have to do that now.

Last Friday a customer told me that the renewal process took only 30 minutes
so I think Comodo does not do re-authentification (yet).

> Can we renew using your service at the low price or do renewals have
> to go to directly to Comodo?

If you previously ordered Comodo Code Signing Digital IDs direct from
Comodo, it is advised that you create a new username and password when
ordering via our Lindersoft site. Unfortunately, there is no other solution
possible. We have to do the same when our certificate expires in September.
Using the existing Comodo login details will result in Retail SRP being
charged (e.g. $500 for 3-years instead of $200).

If you previously ordered directly from Comodo, but redirected from our
Lindersoft page, then you only have to enter your existing Comodo/Lindersoft
login details to renew at the discounted price.

http://www.lindersoft.com/forums/showthread.php?t=2494

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.5
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

Hi Friedrich,

>I fear it was one of these days we don't like so much <g>.
>
>Unfortunately, this is with all WebTrust Compliant Certification
>Authorities, not just with Comodo. They all follow the *same* rules.

I have to admit that the Comodo experience was one of the most
frustating online experiences I have had in a very long time<g>

The information on their pages about what's needed, where and when, is
horrible to say the least. For example there is no information about
the private key. I have been through this before but had completely
forgot about that. It took several days to get that strightened out.
At points in the process their active-x or whatever it is completely
takes over the damn browser so you can't even close it. On two
ocations I had to kill it from the task managere as I could not get
anywhere and the process was frozen solid.

In order to send them the corporate information you must use the fax
cover page that they send. I didn't notice the silly attachment and
it took a day for me to get information from them what was missing
because they kept telling us that they hadn't received the fax, which
they had, just not with the correct cover page.

Because of the private key they had to re-issue the certificate and I
had to go back through the purchase process until I got to paying and
then I had to cancel and send them the order number so they could
cancel it. So I finally got all my files and everything is set up but
it was not a pleasant experience.

It's not that there is something bad about how it's set up in
particular, but the instructions on what to do, where and when are
just not there. They could definitely improve their website to be
more interactive and have better error checking.

Best regards,

Arn&#243;r Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com


Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php

My point exactly. If they had had instructions, or a check list of what you
needed, or a step by step description of what the process required it would
have made my life a bunch easier. Every time I had a problem I had to go
through the same process up to the point of purchase, stop, call them, give
them the new order number and get a re-issue of the certificate. Lynn
Howard e-mailed me and said you also need a static IP through the process.
I did not have a problem with that. While I don't have a static IP, I guess
it was static enough to complete the process. Not sure what will happen
when my IP address changes like it does every few days. I wonder if part of
the validation on certificate updates is to test IP. If so, I am screwed, I
can't get a static IP where I live unless I want to go commercial DSL and
pay a ton to get it. My last email from them told me I could not do that
and I would have to go back to LinderSoft for the re-issue. Little does he
know that it was allready re-issued. Wonder what will happen now.

Bob Healy

>It's not that there is something bad about how it's set up in
>particular, but the instructions on what to do, where and when are
>just not there. They could definitely improve their website to be
>more interactive and have better error checking.

I bought my certificate from Mitchell Vincent because he was the
cheapest source at the time.

Mitchell gave all the necessary instructions until he sent
my order to Comodo. They took over with a series of hoops to
jump through but they told me exactly how to jump.

I got the collection code once Comodo were happy with my details.

With the code it was fairly easy to get the files I needed for
signing my exe's (or any other file). It was done from the
command line but I now let SetupBuilder do it while compiling my setup
file. I only need to sign my setup and uninstaller file.

Steve

--
Steve Wolstenholme Neural Planner Software Ltd

EasyNN-plus. The easy way to build neural networks.

http://www.easynn.com

My clarionmag articles last fall walked through the process: saving the
private key file, requesting 2048-bit private key, FAXing a copy of my
city-issued business license, saving certificate and private key as files
(that you can transfer to any computer) rather than in the CSP, not
abbreviating the state name, etc.

Other than using the Lindersoft signup, have things changed significantly
enough to have outdated those articles?

Jane

http://www.clarionmag.com/cmag/v8/v8n10signing1.html
http://www.clarionmag.com/cmag/v8/v8n11signing2.html

Hi Jane,

>Other than using the Lindersoft signup, have things changed significantly
>enough to have outdated those articles?

No idea. I don't have a subscription to ClarionMag and even if I had,
I would never have thought of looking on ClarionMag for information
about how to use the Comodo purchase page<g> I was purchasing from
Comodo through LinderSoft, so I did not expect to have to use yet
another website to guide me through what should be fairly simple
purchasing process<bg>

Best regards,

Arn&#243;r Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com


Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php

> even if I had,
> I would never have thought of looking on ClarionMag for information
> about how to use the Comodo purchase page<g>

There have been numerous posts in the NGs about Jane's articles on the
topic.
--

Mark Riffey
http://www.rescuemarketing.com/blog/

Hi Mark,

You guys are missing the point entirely<g> The point is that the
information on the COMODO site is not the best. I know I can find
information about this by digging through all sorts of stuff here and
there, but the POINT is that it should be on _their_ site<g> This is
a pretty stright forward thing if there was just a little bit of
information on the page where you enter all the information.

Best regards,

Arnór Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com


Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php

> You guys are missing the point entirely<g>

Not really. Your complaint is right on target. I was just noting that
Jane's articles have been fodder for plenty of discussions around here.

Sounds like it isnt easy regardless.
--

Mark Riffey
http://www.rescuemarketing.com/blog/

Hi Mark,

Ok, sorry;) And, no it isn't easy<g> I do understand that they need
to make sure that you are who you are, but they'd only need a tiny bit
of information to make this work pretty well. For example on the
private key. I was not sure how to do it. It's been 3 years since I
did this last time (and that was a different provider) and I'd forgot
about it. Next page tells you it is absolutely necessary for you to
have it. At that point you can't go back<g>

Best regards,

Arnór Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com


Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php

Hi Arnór,

> You guys are missing the point entirely<g>

Of course, I see your point and agree :)

Friedrich

Hi Jane,

No, your excellent articles are still up-to-date :)

We (Lindersoft) provide the gateway to the original Comodo ordering system
to purchase original Comodo certificates. The only difference is that
qualified Lindersoft customers can purchase a 3-year code-signing
certificate for just $200 instead of $500.

Friedrich

Friedrich,

I have to renew mine in November and my SetupBuilder subscription in
September.

My certificate was bot through someone else. Do you know if that matters?
or are renewals all handled like new certificates?

Paul

Hi Paul,

Is this a Comodo or a Thawte, Verisign, etc. certificate?

Friedrich

Comodo...

paul macfarlane

Paul,

In your case, do *not* use your existing Comodo login details because this
would result in Retail SRP being charged (e.g. $500 for 3-years instead of
$200). Create a new username and password when ordering via our Lindersoft
site gateway. It depends on the support person whether it is handled as a
new or renew certificate. In your case, tell Comodo that you are a
long-standing Lindersoft customer and that Lindersoft always recommended
Comodo certificates in the past (and for more than 7 years now). That's why
you ordered your first Comodo certificate. In most cases, the support
engineer will simply renew your certificate (especially if you purchase a
3-year certificate).

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.5
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

Thanks Friedrich - will follow your recommendations.

paul macfarlane

Thanks for this posting. Sounds more like you were applying for a bank loan
than a security certificate.

Don Harvey

Bank loans are much easier to get. These days offers seem to arrive
every day. The world runs on credit!

Steve

--
Steve Wolstenholme Neural Planner Software Ltd

EasyNN-plus. The easy way to build neural networks.

http://www.easynn.com

Hi Bob

By golly! Are these guys perhaps located somewhere in Africa? It sounds
so, so familiar.

Thanks for sharing. When the time comes we will brace ourselves.

Cheers
Andre

Hi Friedrich,

>Of course, I see your point and agree :)

If you go to the comodo site (through your portal) and put your
"I'm-a-stupid-user" glasses on<g> and pretent you don't know anything
about the registration/purchase process, I think you'll find that it
leaves quite a bit to be desired. It's probably fine if you know
exactly what you are doing, but for stupid new users like myself, it's
a definitely not user friendly<g>

Best regards,

Arn&#243;r Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com


Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php

> Hi Arnór,
>
>> You guys are missing the point entirely<g>
>
> Of course, I see your point and agree :)

Friedrich,

I really hate to add to your to-do list, but this difficult Comodo sign up
process comes up WAY too often for far too many developers, and that is
just those that post.

It would be nice on your ordering page to have a PDF one can download and
print out as a reference to what the order process looks like, possibly
what documents to have in preparation for business, how that process is
handled,

OS and browser requirements, signing up for a Comodo account with user ID
and password, and most important, screen shots (with white-out of sensitive
info, of course) of the process, particularly the window that shows:

> CSP Microsoft Enhanced Cryptographic Provider v1.0
> Key Filename - In the file: C:\mykey.pvk
> Key Size : 2048
> Exportable? : tick
> User protected? : no tick

David

--
From David Troxell - Product Scope 32 PRO - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
http://www.encouragersoftware.com/
http://www.profileexchanges.com/blog/

Hi David,

>It would be nice on your ordering page to have a PDF one can download and
>print out as a reference to what the order process looks like, possibly
>what documents to have in preparation for business, how that process is
>handled,

That would be cool, and in fact this process isn't complicated at all,
it's just that the comodo site is lacking some vital information that
only takes a few lines to explain. But without that explanation, it's
a bit of a pain. It's kind of like putting someone in the driver seat
for the first time without ever having explained what the breaks
are<g>

Best regards,

Arn&#243;r Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com


Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php

That would be good. I know I have to get into this sooner or later but
haven't a clue where to start.

Don Harvey

> That would be good. I know I have to get into this sooner or later but
> haven't a clue where to start.

Don,

Well, maybe you could print this and save it for at least a start in the
process.

OK, A brief primer (NOT complete) for Clarion Developers, SetupBuilder
users, Vista and Comodo Code Signing!

http://profileexchanges.com/blog/?p=20

This blog will cover two situations - C6 IDE appearance and help issues. -
in case of the help file - you NEED an XP version of winhlp32.exe - blog
explains how to install it to vista.

ALSO, highly recommended -

http://profileexchanges.com/blog/?p=47

Get this C6 Vista Fix by LinderSoft - This freeware application makes the
appropriate WIN.INI modifications so 3rd party installations can detect
Clarion 6 on Vista and Windows Server 2008 machines. It also adds the
Clarion \Bin path to the system path environment variable.

I VERY HIGHLY recommend using SetupBuilder 6.5 Developer by Lindersoft for
quite a few reasons including web update, including adding a Vista Manifest
to a Clarion EXE, automating the process of code signing, bringing outside
protection processes such as Armadillo right into Setup install compilation
process!

And, believe me, although I have just mentioned major areas that need to be
addressed in software distribution, the wealth of actual features included
is MUCH longer - AND this tool is constantly improved.

Buy SetupBuilder 6.5 Developer Edition at the USD $399 level - 1 Developer
License + 1 Year Maintenance and entitles you to order Code Signing
Certificates at GREATLY reduced pricing! AND a wonderful year of
SetupBuilder updates that will make a difference as this product is Vista
enhanced!

Product Description - SetupBuilder 6.5 Developer, MFG - Lindersoft
Internet Link - http://www.lindersoft.com/products_setupbuilder_dev.htm

Here are some hints in working with SetupBuilder 6.5 Developer and Vista
chores!

just before create folders in Script Editor in SB install - this order

1. embed Vista manifest
2. if you're using something like Armadillo to protect program, run your
batch file for the protection program
3. Code sign the program

Also, In the General Information (Project Definition) area - there are
prompts for Digital Signature for the Install program. Very easy to do!

AND if you haven't bought your code certificate yet!

Product Description - Comodo Code Signing Certificate, MFG - Comodo
Internet Link - http://www.lindersoft.com/order_codesigning.htm

USE *** XP or XP PRO or W2K PRO *** and *** Internet Explorer *** to sign
up and complete the process for buying and obtaining a code certificate.

"NOTICE: If you previously ordered Comodo Code Signing Digital IDs direct
from Comodo, it is advised that you create a new username and password when
ordering via our site."

Number one - store/copy/retain any passwords/used ids/email addresses you
might use in the process - you will need these later.

Start from this page in IE 6 and XP

http://www.lindersoft.com/order_codesigning.htm

Select the certificate type (1, 2 or 3 years)

Use your login user name and password from the Comodo Certificate
information you got from Lindersoft - this should get you to the Comodo
certificate order page. (think of this process as this - MOST of it is
Comodo - Lindersoft order page gets you started for that discount rate)

This next step is unclear to me since I cannot duplicate what I think I saw
my first time into the system - (place on the right under Account Holders
for first time registration?) -

if you have previously registered - where you started the process with
Lindersoft's Community Membership information, BUT you obtain a separately
registered Username and password during the process, you use this to get
back into the system

(don't forget - If you previously ordered Comodo Code Signing Digital IDs
direct from Comodo, it is advised that you create a new username and
password)

Another vital part of the order process is this - make sure this option is
available to you (however, using IE 6 and XP, it should appear)

saving your C:\mykey.pvk to disk

> CSP Microsoft Enhanced Cryptographic Provider v1.0
> Key Filename - In the file: C:\mykey.pvk
> Key Size : 2048
> Exportable? : tick
> User protected? : no tick

David

--
From David Troxell - Product Scope 32 PRO - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
http://www.encouragersoftware.com/
http://www.profileexchanges.com/blog/

>>It would be nice on your ordering page to have a PDF one can download and
>>print out as a reference to what the order process looks like, possibly
But without that explanation, it's
> a bit of a pain. It's kind of like putting someone in the driver seat
> for the first time without ever having explained what the breaks

Arnór,

When it comes time for your young lady's first driving lesson - Let Sue
teach her about the "brakes"

You can teach her about the "Breaks"

David

--
From David Troxell - Product Scope 32 PRO - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
http://www.encouragersoftware.com/
http://www.profileexchanges.com/blog/

Hi David,

>When it comes time for your young lady's first driving lesson - Let Sue
>teach her about the "brakes"

Sorry, too many registry keys read and written in one day<g>

Best regards,

Arnór Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com

Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php

It would be great if you could keep me (or us) posted.

Friedrich