Hello all, hello Friedrich!

In a few weeks my 3 year period of the certificate will end, so I have to
renew / purchase again.

I recall that at the time I bought this recent certificate, it was only
possible to run the process in a XP-machine, using Internet Explorer.

Is it now possible to order a new certificate from Windows 7 and is it
still limited to a certain browser.

My recent certificate consists of a *.PVK and a *.SPC file. This way its
it somehow understandable to me, its portable and it works. All that
other talk-talk about 'certificate in a browser and then convert to
whatever' is way over my head.

I have read through the forum and in May last year there was the same
discussion. Any changes since then?

I need it small and simple!


Thanks in advance,
Wolfgang



--
Wolfgang Orth

www.odata.de
www.kik-service.de

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It's five o'clock somewhere.....

Hi Wolfgang,

> In a few weeks my 3 year period of the certificate will end, so I have to
> renew / purchase again.
>
> I recall that at the time I bought this recent certificate, it was only
> possible to run the process in a XP-machine, using Internet Explorer.
>
> Is it now possible to order a new certificate from Windows 7 and is it
> still limited to a certain browser.
>
> My recent certificate consists of a *.PVK and a *.SPC file. This way its
> it somehow understandable to me, its portable and it works. All that
> other talk-talk about 'certificate in a browser and then convert to
> whatever' is way over my head.
>
> I have read through the forum and in May last year there was the same
> discussion. Any changes since then?
>
> I need it small and simple!

Nothing changed in the ordering process! Microsoft created this
"limitation" and there is nothing the WebTrust agencies (Comodo, VeriSign,
etc.) can do to overcome this limitation.

If you order from a Windows 7 machine, then the "In the File" option is not
available. As a result, your code-signing certificate will go directly into
your certificates "pool" and you have to export it to .PFX with an option to
convert this to .PVK/.SPC. By the way, SetupBuilder supports both options:
the .PVK/.SPC pair and .PFX. So in fact, you only need the .PFX (PKCS #12).

If you only have Windows 7 available, no problem and it's really not a big
deal. Just export it to .PFX and you are back in business. But I would
strongly suggest to use Internet Explorer and not Firefox when you request
the certificate!

Good luck!

Friedrich

> Hello all, hello Friedrich!
>
> In a few weeks my 3 year period of the certificate will end, so I have to
> renew / purchase again.
>
> I recall that at the time I bought this recent certificate, it was only
> possible to run the process in a XP-machine, using Internet Explorer.
>
> Is it now possible to order a new certificate from Windows 7 and is it
> still limited to a certain browser.

Wolfgang,

Product Description - App Data UAC Safe, MFG - Encourager Software
Internet Link - http://profileexchanges.com/blog/?p=120

Download the CHM version of this blog.

Included in this help topic - Code Sign - Order Process - is a tutorial on
The Comodo Code Sign Certificate Order Process, specifically through the
Lindersoft Code Signing order.

If you order it using the Microsoft XP operating system, you can obtain it
with a PVK and SPC file - the tutorial contains some hints about doing so -
paticularly notice the screen shot - In the file and Exportable.

If you order it with Windows 7 and Firefox, this comodo page includes
instruction for saving it to a PFX format

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=419&nav=0,96

Signtool.exe or Signcode.exe

These tools digitally sign files, verifies signatures in files, or time
stamps files.

Signtool.exe - Use a certificate in a PFX format.

Signcode.exe - Use a certificate in spc and pvk file format.

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

I tried to use IE when downloading my certificate and I got an error
message about a plug-in that was required. I answered yes to download it
and IE ignored the answer and installed nothing. I had to use FireFox
which was no problem and is the browser I prefer anyway.

Bob Robesky

Bob,

> I tried to use IE when downloading my certificate and I got an error
> message about a plug-in that was required. I answered yes to download
> it and IE ignored the answer and installed nothing. I had to use FireFox
> which was no problem and is the browser I prefer anyway.

In this case, your securitry setting in IE was "too high" and so the
Microsoft plug-in did not install.

Friedrich

Friedrich,

And, how is this security setting changed? I am Administrator on the
machine with the Certificate and UAC is turned off.

At any rate, my point was that I don't think it was anymore difficult to
use FireFox as opposed to IE. It was actually a minor problem in the
whole getting a Certificate process which I am glad I don't have to do
again for another 3 years.

Thanks,

Bob

The link David Troxell posted shows the security setting Comodo recommends
(see pic)

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=419&nav=0,96

Jane Fleming

>
> And, how is this security setting changed? I am Administrator on the
> machine with the Certificate and UAC is turned off.
>
>
> Thanks,
>
> Bob
>
>

Jane,

Oh, boy, another article I didn't read.

I also didn't read your article until after I got the Certificate installed.

No wonder I had an awful week that I am trying to blank out.

NOTE TO SELF: Read Jane's CodeSigning article next time. Read all the
other CodeSigning information before proceeding through the nightmare
again. Now... If I can just remember this advice in 3 years...

Thanks,

Bob

> Jane,
>
> Oh, boy, another article I didn't read.
>
> I also didn't read your article until after I got the Certificate installed.

Bob,

Jane has many fine resources including Clarion Live! presentation and
Clarion Magazine articles, but here is one that needs to be on the top of
your reading list.

Learning SetupBuilder Part I

Download and install (if not already) -

http://www.lindersoft.com/downloads_licensed.htm

also - most recent builds of SetupBuilder include an extremely easy method
to acquire Learning SetupBuilder Part I.

In the SB IDE - click on Help Topics - Learning SetupBuilder - if not
installed already - it will download and install it for you.

Section for Code-Signing - at least get familiar with this resouce, and her
many helpful reference topics - so you can easily refer to them when
needed.

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

Hi Bob,

> And, how is this security setting changed? I am Administrator on the
> machine with the Certificate and UAC is turned off.

The same can happen on, say, XP machines. If the browsers security settings
are set "too high" then the required Authenticode plug-in (ActiveX) from
Microsoft can't be installed (or executed) and the certificate request
process fails.

In your case, if IE failed and FireFox succeeded then you had different
security settings in the browsers. On your machine, the FireFox security
settings were not as strict as the IE ones.

BTW, the problem is not UAC per-se. But in Vista, Windows Server 2008,
Windows 7 and Windows Server 2008 R2, the required components are not
available any longer to handle "In the file" certificate requests. So the
certificate always goes into the certificates pool and you have to export it
(e.g. to .PFX) in order to code-sign files.

Friedrich