
View Full Version : SetupBuilder - Help for PFX?



NewsArchive
06-19-2015, 01:45 AM
Hello,

It's that time again - and I am lost (as usual)

I have had the painstaking time of working with COMODO to get my
certificate. I would rather have Teeth Pulled next time - these people were
absolutely insane!

The guy (India of course!) after going through FOUR PEOPLE there got fed-up
and just said "I'll just send you the key, have a nice day, goodbye" and
hung up the phone on me. The first person told me (while on the phone) to
click on the chat window and he said, "did someone come up" and I said
"Yes, susanne" and he said, "talk to her!" and hung up the phone.

It was the most insane support experience I've ever had in my life. Four
people, all India, no one could understand that my account was locked for
some reason.

Anyway --- I have the key (through email) and I have it in Firefox. I also
imported/exported it from Firefox to IE so I have it in both places.

Now, I read about converters here:

https://www.sslshopper.com/ssl-converter.html

I paid $200 for three years.

But, I am still at a complete loss how to take what I have in Firefox and IE
(InnQuest Code Signing Certificate) and get it to the innquest.pvk and
innquest.spc files to overwrite my existing ones????

Is there a program that I need to download?

I have it in a certificate (.der format)

HELP PLEASE.

Thank you.

Robert Paresi

NewsArchive
06-19-2015, 01:46 AM
Howdy Robert -

Have you checked out Jane's document?
http://www.beachbunnysoftware.com/SB/Comodo2014.pdf

I don't know if it has what you need, but it would be the first place
I'd go.

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.

Source code is like a joke.
If you have to explain it, then it's not funny.

NewsArchive
06-19-2015, 01:47 AM
Exactly - but my issue is I can't select "Personal Information Exchange"
bubble.

That's my issue.

DER encoded binary
Base-64 encoded x.509
Cryptographic Message Syntax Standard

These are all selectable.

But the "Personal Information Exchange - PKCS #12 (.PFX)" is completely not
selectable.

it's grayed out.

See attached.

:-(

Robert Paresi

NewsArchive
06-19-2015, 01:47 AM
Did you buy the correct sort of certificate?

Liam

NewsArchive
06-19-2015, 01:48 AM
I got nothing but this:
https://www.google.com/search?q=pfx+export+disabled

Hope it works out.

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve

NewsArchive
06-19-2015, 01:48 AM
To clarify, are you trying for SSL or Code Signing?

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve

NewsArchive
06-19-2015, 01:49 AM
I'm still lost, but I did get it to a PFX file.

Fredrich gave me the link and I paid $200 - I filled out all the
information.

This is because my Setup Builder usage of the code signing expired.

I'm still lost!

I have an innquest.pvk file and an innquest.spc file - I use it to run any
install job in SetupBuilder.

So, I have to replace my PVK and SPC files in that directory and I don't
remember how I did this 3 years ago. :-(

-Robert

NewsArchive
06-19-2015, 01:49 AM
I did find this - and I'll keep trying:

https://support.godaddy.com/help/article/6034/converting-an-exported-pfx-code-signing-file-to-pvk-and-spc-files-using-windows

Robert Paresi

NewsArchive
06-19-2015, 01:50 AM
OK!!!

It was more painful than having a tooth drilled.

DONE!

I followed this and it finally worked!!!

:-)

Robert Paresi

NewsArchive
06-19-2015, 01:50 AM
Hi Robert,

> I have had the painstaking time of working with COMODO to get my
> certificate. I would rather have Teeth Pulled next time - these
> people were absolutely insane!

You should post this on the SB newsgroup, most people there have gone
through this process at some time or another and some have it fresh in
memory how to do this<g> Comodo and other code signing companies are
money making machines and nobody there knows what the heck they are
doing (I know a guy a little bit who works/worked for Comodo and in his
words: There is no management, nobody knows what they are doing)

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

NewsArchive
06-19-2015, 01:51 AM
I am seeing that.

I asked to talk to his Supervisor. He said "No you can't!"

I said "Please don't hang up on me"

he said "Chat with someone online, have a nice day, bye" and hung up.

It's completely weird!

-Robert

NewsArchive
06-19-2015, 01:51 AM
Hi Robert,

> he said "Chat with someone online, have a nice day, bye" and hung up.
>
> It's completely weird!

<g> I'm glad you got through it and got it sorted. I have this coming
up this fall and I'm not looking forward to it ;)

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

NewsArchive
06-19-2015, 01:52 AM
Arnor,

> <g> I'm glad you got through it and got it sorted. I have this coming
> up this fall and I'm not looking forward to it ;)

I had to do mine at the first of the year and if you get all the bells
and whistles ready and triple check EVERYTHING it doesn't have to be
painful. Ordered my cert one night, had it in place the next morning.

Updated the registrar information for DeveloperPLUS.com using a
temporary email address. Removed the redirect from the domain and put
one page on the site that presented the information on the attached
screen capture. Also removed the "private" option from the website.

All this was in place for a couple of days before I walked through
Jane's paper and placed the order. Hell, if I had placed it sooner in
the day I would have had my cert the same day.

By the way, DeveloperPLUS is also my business name and what's on my
city and county business licenses... which I scanned and attached to a
trouble ticket I posted a couple of minutes after finishing the online
order form. Again, just as Jane suggested.

Once I got my cert I reset the redirect and I was done. 3 years to the
good and not a single tear shed! <g>

Lee White

NewsArchive
06-19-2015, 08:45 AM
Robert,

I would suggest using the .PFX in SetupBuilder and not .PVK/.SPC. Soon,
you'll have to code-sign with SHA-2 (or dual SHA-1 / SHA-2). The completely
outdated signcode.exe does not support it.

Friedrich

NewsArchive
06-19-2015, 08:45 AM
Hi there!

Can you explain what change I should be doing? I have a PFX file.

Right now, in the script, I do this for all my EXE's.

#code-sign application "C:\roomMaster\Latest Build\InstallRMFiles\Version
SQL\innres.exe" ["roomMaster - roomMaster.net Control Panel"] [Permanent]
[Skip]


Should I be doing something else?

The PFX File (Optional) I leave blank.

I put the credentials file and the Private Key file.

Is there a new way / better way I should be doing this?

-Robert

NewsArchive
06-20-2015, 07:21 AM
Robert,

Microsoft allows distribution of their signcode.exe, and that installs with
SetupBuilder. That old tool uses the two files - credentials file and
private key file.
There are several downsides to signcode, including occasional loss of focus
during signing and, as Friedrich says, the fact that it does not support the
newer SHA2 encryption that Microsoft is phasing in.

The tool of choice is signtool.exe. Unfortunately, Friedrich can't
distribute that. You need to install at least a part of the Microsoft SDK
in order to get signtool on your system.

Signtool works with the PFX file directly (and does not require the other
two files). Signtool supports SHA2 encryption, and also SetupBuilder's
option to dual-sign things (using both SHA1 and SHA2). (Last I looked, SHA2
signing requires the signtool from the SDK for Windows 8.1). SHA2 signing
also requires certain timestamp servers.

Once you have installed signtool.exe, you need to tell SB where it is. And
then you need to specify your PFX file and its password on all the
code-signing fields.

Jane
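
What Jane describes, done by hand with signtool rather than through SetupBuilder's dialog (an added example, not part of the original posts and not SetupBuilder's own code): it checks that the PFX holds a private key and a Code Signing certificate, dual-signs the file, then verifies both signatures. The paths and timestamp URLs are placeholders, and the /fd, /as, /tr and /td switches assume the Windows 8.1 SDK signtool discussed in this thread.

```powershell
# Added example: file locations and timestamp URLs are placeholders, not values from the thread.
$SignTool  = 'C:\Program Files (x86)\Windows Kits\8.1\bin\x86\signtool.exe'  # assumed SDK location
$Pfx       = 'C:\certs\codesign.pfx'                 # hypothetical path to the exported PFX
$Target    = 'C:\build\setup.exe'                    # hypothetical file to sign
$TsLegacy  = 'http://<authenticode-timestamp-url>'   # placeholder: CA's Authenticode timestamp server
$TsRfc3161 = 'http://<rfc3161-timestamp-url>'        # placeholder: CA's RFC 3161 timestamp server

# Prompt for the PFX password instead of storing it in the script.
$secure = Read-Host -AsSecureString 'PFX password'
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Sanity-check the PFX before signing: private key present, not expired, Code Signing EKU.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Pfx, $plain)
if (-not $cert.HasPrivateKey) { throw 'PFX has no private key (certificate-only export).' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if (-not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' })) {
    throw 'Certificate lacks the Code Signing EKU (e.g. an SSL certificate).'
}

# Run signtool and stop on the first non-zero exit code.
function Invoke-SignTool {
    & $SignTool @args
    if ($LASTEXITCODE -ne 0) { throw "signtool $($args[0]) failed with exit code $LASTEXITCODE" }
}

# 1) Primary SHA-1 signature with a legacy Authenticode timestamp.
Invoke-SignTool sign /f $Pfx /p $plain /fd sha1 /t $TsLegacy /v $Target
# 2) Append (/as) a SHA-256 signature with an RFC 3161 timestamp (/tr, /td).
Invoke-SignTool sign /f $Pfx /p $plain /as /fd sha256 /tr $TsRfc3161 /td sha256 /v $Target
# 3) Verify every signature on the file against the default Authenticode policy.
Invoke-SignTool verify /pa /all /v $Target
```

The /p switch puts the PFX password on signtool's command line, so run this only on a build machine you control and keep the PFX itself out of source control.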

NewsArchive
06-20-2015, 07:21 AM
Awesome!!!

I'll change right away!

Thanks!!

Robert Paresi

NewsArchive
06-21-2015, 04:54 AM
Hello,


COOL COOL - I did a search for my entire computer and it found the SignTool
in the following place (without having to download anything)

c:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\bin

So I went into my SB Setup and put that in there:

C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe

I then saved it and went into my SB application.

On General Information / Digital Signature - I added the PFX (optional) file
and left the Credentials File and Private Key file filled out.

I pressed OK

I compiled and I got this:

-------------
Adding Digital Certificate ...
(stuff)
Code signed successfully
Terminating CSigning Process... [0]
OK
-------------

SO, I guess it worked!! Right?

No more popup windows! I love it.

-Robert

NewsArchive
06-21-2015, 04:54 AM
Welcome to 2010, Robert !! <g>

But you really ought to read up on the SHA2 stuff.
And RFC 3161 timestamp servers.
Which may require your switching to using Windows 8 to sign. (or snagging
the tool and mssign32.dll from an 8.1 machine).

http://www.lindersoft.com/forums/showthread.php?45160-Playing-with-8-5-4648&highlight=3161

http://www.lindersoft.com/forums/showthread.php?44540-SetupBuilder-8-2-provides-built-in-support-option-for-SHA-2

http://www.lindersoft.com/forums/showthread.php?44897-SetupBuilder-2015-Version-8-5-Build-4640-Pre-Release&p=80920#post80920

etc.....

(Yes, my head hurts, too...)

jf

NewsArchive
06-21-2015, 04:55 AM
>or snagging the tool and mssign32.dll from an 8.1 machine).

In my Win8.1 vm I found version 6.3.9600.17928 at "c:\Program Files
(x86)\Windows Kits\8.1\bin\x86\signtool.exe", not sure if it was installed
with Win8.1 or Visual Studio 2013.

Carlos Gutierrez

NewsArchive
06-22-2015, 02:37 AM
I am using 6.3.9600.17298, too.

Friedrich