Making a new install I get a compiler error GEN1053 errorcode -1 code
signing failed. Tried changing time stamps and no luck. Pretty sure my code
signing doesn't expire for a while. I looked at a previously signed exe and
it said it was good until 2015. So I went back to another install that I
just compiled on the 13th of Sep., and got the same error. I looked under
Details for the certificate and it said it was valid from May 09,2010 to May
10, 2015. I assume that's when my signature expires.. right?

Any idea's anyone?

Thanks,

--
Ray Rippey
VMT Software - http://www.vmtsoft.com

Hi Ray,

> Making a new install I get a compiler error GEN1053 errorcode -1 code
> signing failed. Tried changing time stamps and no luck. Pretty sure my
> code signing doesn't expire for a while. I looked at a previously signed
> exe and it said it was good until 2015. So I went back to another install
> that I just compiled on the 13th of Sep., and got the same error. I looked
> under Details for the certificate and it said it was valid from May
> 09,2010 to May 10, 2015. I assume that's when my signature expires..
> right?
>
> Any idea's anyone?

If it worked fine in the past and you did not change anything in the
SetupBuilder configuration (e.g. the code-signing tool) then I assume that
your security software "blocks" the Authenticode process. Make sure that
you are using the correct tool to code-sign. Try to add the code-signing
utility to the "exclusion list" and compile again. If it still does not
work, try to compile without a timestamp server to see if access to the
timestamp server is blocked.

And you can try the SignCode.exe with the same configuration settings to see
if it gives you a human readable error message.

Hope this helps.

Friedrich

Turns out it is expired.. man 3 years went by fast! So I'm in the process
now... I have to show my website registration information by temporarily
killing the private registration which takes 24 hours... then I'll turn it
back on.

Also, I did go through the docs and didn't follow them... as an experiment,
I used the same email address as before... and they now have a way to email
them the docs they want in jpg format... so those things in your docs and
Janes docs have changed. I'm in touch with them and as soon as my domain
shows my address.. I should be all set.

Just not that hard really... a PITA, but not hard.

Oh, and thanks for the discount.... that sure adds to the incredible value
of subscribing to Setupbuilder.

Ray
VMT

> Turns out it is expired.. man 3 years went by fast! So I'm in the process
> now... I have to show my website registration information by temporarily
> killing the private registration which takes 24 hours... then I'll turn it
> back on.
>
> Also, I did go through the docs and didn't follow them... as an experiment,
> I used the same email address as before... and they now have a way to email
> them the docs they want in jpg format... so those things in your docs and
> Janes docs have changed.

Ray,

I went through the "The Comodo Code Sign Certificate Order Process,
specifically through the Lindersoft Code Signing order link" again last
year (2010), and documented the latest in my company's:

CHM version of this blog

Product Description - App Data UAC Safe, MFG - Encourager Software
Internet Link - http://profileexchanges.com/blog/?p=120

Since many people download this resource (and use it to refer to for their
ordering experience)

I would appreciate if you'd review the latest CHM, and either respond here
or by email - if the help topic - Code Sign - Order Process is still
accurate for what you encountered during your order process.

Or possibly state some additional information that would be helpful to add
to the CHM.

Thanks,

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

David thanks for the great documentation.

I made the huge mistake of not using XP to get my latest certificate, trying
to get signtool.exe followed the directions to download/install the windows
sdk kit, seems this is the only way to get this tool.... did that , and
still can't find where signtool.exe is?

do you know where this would be or how I can get a copy, I'm looking for
signtool so I can just use my pfx ... I've tried going through the
conversion to convert the pfx to the pvc/pvk so I could continue to use the
signcode.exe but no luck..

This is such a royal PIA !!

Brent Engel

Hi Brent,

> David thanks for the great documentation.
>
> I made the huge mistake of not using XP to get my latest certificate,
> trying to get signtool.exe followed the directions to download/install
> the windows sdk kit, seems this is the only way to get this tool.... did
> that , and still can't find where signtool.exe is?
>
> do you know where this would be or how I can get a copy, I'm looking for
> signtool so I can just use my pfx ... I've tried going through the
> conversion to convert the pfx to the pvc/pvk so I could continue to use
> the signcode.exe but no luck..
>
> This is such a royal PIA !!

Unfortunately, it's not allowed to redistribute signtool.exe.

Try this:

http://www.lindersoft.com/forums/showthread.php?t=19327

Friedrich

> David thanks for the great documentation.
>
> I made the huge mistake of not using XP to get my latest certificate, trying
> to get signtool.exe followed the directions to download/install the windows
> sdk kit, seems this is the only way to get this tool.... did that , and
> still can't find where signtool.exe is?

Brent,

Sorry, you are having this problem - this may help - instead of using Jane
Fleming's instructions for obtaining signtool.exe, I documented an
alternative method (I found her method to be more cumbersome - but her
instruction on Code Signing issues, of course, is First Rate - Top of the
Tier!)

BTW, once you get signtool.exe - it's a much better, and Updated tool for
code signing with many advantages.

From the Signtool.exe help topic in Making App Data UAC safe CHM - (here
are some brief instructions - same as contained in help topic, less
illustrations)

you only need two files - signtool.exe and capicom.dll (you won't need the
pvk2pfx.exe conversion file)

* * * * *

Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1

Download and install - winsdk_web.exe

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=3138

Following the screen shot for Installation options (included in CHM) - mark
ONLY the win32 development tools

signtool.exe - pvk2pfx.exe

If you chose the default install locations, the files will be installed in
this folder:

C:\Program Files\Microsoft SDKs\Windows\v7.0\bin

* * * * *

capicom.dll - must be installed and registered. Click on the following link
for capicom.dll, download and install (this install can be used for Windows
7 and Vista) - using this setup, capicom.dll is installed and registered -
you do not need to relocate this file:

Platform SDK Redistributable: CAPICOM
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=25281

Download and install

Then follow Jane's instructions in SetupBuilder - Learning SetupBuilder
Part I CHM to use signtool.exe in SetupBuilder.

David

--
From David Troxell - Product Scope 7.9 - Encourager Software
Product Description - App Data UAC Safe, MFG - Encourager Software
Internet Link - http://profileexchanges.com/blog/?p=120

Well, I got my code signing certificate.. all went very well because I'm
renewing (actually buying again), so I had all the software from before and
had setup code signing in batch files and setupbuilder, so I had somewhat of
a clue. That being said I followed Janes Docs.. almost to the T.

There was something about changing your email address when you're renewing
(repurchasing really).. I didn't see the point so I used the same Email
address.. and I'm glad I did. Turns out they have to verify our domain
name... and here is where I got messed up for a few days. I had to UN-hide
my private registration so my email, and postal address, and phone number
would show up (and match) when they checked with Whois database. It's very
important that the address on your phone bill or license matches the whois
entry, as well as the email address that you are using to communicate with
Comodo is the same as the one in the whois database.

Also, I was able to Email my business license and the first page of my phone
bill.. .they have an Email address for that now.

Once that was done they called me and verified my phone and email ( they had
actually sent me an email that I was supposed to setup an appointment for
them to call me, but evidently the guy in India figured I'd be here.. so he
called about the same time I got the appointment Email).

Once I verified on the phone with him, I got an Email to pick up my
certificate... which was no problem, has I had already switched my default
browser to IE, so I clicked on the link and downloaded the SPC file. The PVK
file had been created when I first started this process.

So, for my situation, the things I would have ready are these:

Change your default browser to IE.
Turn off your private registration for your domain (the main domain that you
will always use)... and make sure your info is showing up in whois.. Godaddy
is the easiest one to use for viewing whois IMHO.
Scan your license or phone bill or 2 of the required documents to a jpg file
and have them ready.

After that go to the Lindersoft site and purchase 3 years.. cause you sure
don't want this hassle every year. And if you don't have Setupbuilder... get
it. It makes it easy to buy the signing certificates and cheaper.. and with
Setupbuilder it will manifest and sign your code. I used to do it all in
batch files with the signtool.exe, but not anymore. Depending on your
situation, you can build a setupbuilder script that manifests and signs for
you... or just put it in your install script.

Anyway, it wasn't that bad.. just had to have some patience.. I didn't know
my certificate was expired until I went to create an install.. so I couldn't
create any installs for a few days.. but if I would have known how to turn
off my private registration.. it would have taken 1 day because they are
very responsive by email.

Thanks to all who have written about this subject... because I had the docs
in front of me while I was doing everything... makes a huge difference.

Ray Rippey
VMT Software

Thanks for sharing this very interesting information, Ray!!!

Friedrich

> Well, I got my code signing certificate.. all went very well because I'm
> renewing (actually buying again), so I had all the software from before and
> had setup code signing in batch files and setupbuilder, so I had somewhat of
> a clue. That being said I followed Janes Docs.. almost to the T.

Ray,

Yes, thanks much for this in depth discussion about your experience - and I
quite agree - Jane Fleming's documents are excellent, and much of her
instructions are still top rate and thorough for the process.

The area that could use a bit updating - is the additional choices many are
using today - ie. instead of XP and IE Explorer to obtain spc and pvk and
then converting to PFX format for signtool.exe use

Many now use Windows 7 - IE or FireFox - and within the certificate manager
of the browser - export to a pvk or p12 format for use with signtool.exe

Also, good point that you made - confirming email address in WHOIS
information, and turning off private registration (temporarily) while
Comodo confirms the email address - an important step in the process and
can cause aggravation for some that are not aware of it.

David

--
From David Troxell - Product Scope 7.9 - Encourager Software
Product Description - App Data UAC Safe, MFG - Encourager Software
Internet Link - http://profileexchanges.com/blog/?p=120

> Well, I got my code signing certificate.. all went very well because I'm
> renewing (actually buying again), so I had all the software from before and
> had setup code signing in batch files and setupbuilder, so I had somewhat of
> a clue. That being said I followed Janes Docs.. almost to the T.

Corrected message: (convert to PFX or p12 format)

Ray,

Yes, thanks much for this in depth discussion about your experience - and I
quite agree - Jane Fleming's documents are excellent, and much of her
instructions are still top rate and thorough for the process.

The area that could use a bit updating - is the additional choices many are
using today - ie. instead of XP and IE Explorer to obtain spc and pvk and
then converting to PFX format for signtool.exe use

Many now use Windows 7 - IE or FireFox - and within the certificate manager
of the browser - export to a PFX or p12 format for use with signtool.exe

Also, good point that you made - confirming email address in WHOIS
information, and turning off private registration (temporarily) while
Comodo confirms the email address - an important step in the process and
can cause aggravation for some that are not aware of it.

David

--
From David Troxell - Product Scope 7.9 - Encourager Software
Product Description - App Data UAC Safe, MFG - Encourager Software
Internet Link - http://profileexchanges.com/blog/?p=120

Agreed, David.

I took screen shots through my certificate purchase in June, which was done
on a Vista machine and exported from IE as a .pfx.

When time permits, I'll send Friedrich an update to the PDF I did a couple
of years ago.

Jane

> Agreed, David.
>
> I took screen shots through my certificate purchase in June, which was done
> on a Vista machine and exported from IE as a .pfx.
>
> When time permits, I'll send Friedrich an update to the PDF I did a couple
> of years ago.

Jane,

Thanks much for this update.

Also, if some of that updated (and extended) PDF information could find
it's way into the -

Learning SetupBuilder Part I CHM, that would be "Extra Special" :-D

David

--
From David Troxell - Product Scope 7.9 - Encourager Software
Product Description - App Data UAC Safe, MFG - Encourager Software
Internet Link - http://profileexchanges.com/blog/?p=120

Ray,

Thanks for the reminder. I'm sure my 3 year registration is soon coming to an
end. I'll have to un-private my registration while the re-registration is in
motion. GoDaddy makes that easy. Thanks to Jane's docs, my initial process was
very smooth. I think start to finish was almost 2 days and nothing delayed it.
It sure did not match the horror stories I was reading at the time! <g> (thanks
to Jane's doc <g>)

And I concur - get the order via Lindersoft.

--
Russell B. Eggen
www.radfusion.com

Russ,

> And I concur - get the order via Lindersoft.

That's a no-brainer... meaning if you don't you have no brain!<g>

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Enhanced Reporting: http://CreativeReporting.com


Product Release & Update Notices
http://twitter.com/DeveloperPLUS