Do I download the zip file and install everything again?

Dan Scott

> Do I download the zip file and install everything again?

Hi Dan,

Just follow the steps in Jane's updated guide:

http://www.lindersoft.com/Comodo2014.pdf

It covers the entire process from when you order it to how to get it.

Charles




--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProScan, ProImage, ProPath and other Clarion
developer tools!
www.solidsoftware.com - ImageEx and RichReport templates!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

Charles

Those instructions are to renew, I only want to upgrade from sha-1 to sha-2
I am good until 2017

Dan

> Those instructions are to renew, I only want to upgrade from sha-1 to sha-2
> I am good until 2017

If your certificate expires after 1-1-2016, you will have to get a new one
to do the SHA-2 signing (or dual signing).

Here is what Comodo says about re-issuing:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/988/0/how-do-i-re-issue-my-current-certificate-with-sha-2-sha-256


Does that help?

Charles



--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProScan, ProImage, ProPath and other Clarion
developer tools!
www.solidsoftware.com - ImageEx and RichReport templates!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

Dan,

Did you request your current certificate on or after September 8, 2014? If
this is the case, then you already have a SHA-2 certificate type.

Friedrich

I am beyond help Charles <g>

Dan Scott

Hi friedrich

Yes sept 9 2014, but looking at my digiital certificate in the exe, it says
sha-1

Dan

Hi Dan,

> Yes sept 9 2014, but looking at my digiital certificate in the exe, it
> says sha-1

Yes, you can do SHA-1 signing with an SHA-2 enabled certificate <g>.

Try SHA-2 code-signing and see what happens...

Friedrich

To support legacy and modern Windows operating systems, I would suggest to
use SHA-1/SHA-2:

http://www.lindersoft.com/forums/showthread.php?46908-SB10-Tips-amp-Tricks-1-Dual-SHA-1-SHA-2-code-signing

Friedrich

Will give that a try
Thanks

Dan Scott

You need to request a REPLACE of your certificate. Comodo will reissue a
sha-2 certificate for the remainder of your license term

After the certificate is replaced it must be downloaded and reinstalled.

Hyrum Tatton

That is what I am thinking

Thanks

Dan Scott

Fredrich,

How can I check my certificate?

My current certificate is Valid from 3rd December 2014 through to 2nd
December 2017.

The Signature algorithm is sha256RSA and the Signature hash algorithm is
sha256, but the Thumbprint algorithm show as sha1.

I've downloaded the latest Signtool.exe that I could find v10.0.10586.15

I've followed your Tips & Tricks for Dual SHA-1/SHA-2 code-signing

and I get the attached Error Code: 2

Any pointers as to what I might be doing wrong?

Regards,

Neil.

Neil,

> How can I check my certificate?
>
> My current certificate is Valid from 3rd December 2014 through to 2nd
> December 2017.
>
> The Signature algorithm is sha256RSA and the Signature hash algorithm is
> sha256, but the Thumbprint algorithm show as sha1.

Comodo supports only SHA-2 for any Code-signing certificate issued after
22nd September 2014 which expires after 2015. So if your certificate is
valid from 3rd December 2014 through 2nd December 2017 then you have a SHA-2
based certificate.

> I've downloaded the latest Signtool.exe that I could find v10.0.10586.15
>
> I've followed your Tips & Tricks for Dual SHA-1/SHA-2 code-signing
>
> and I get the attached Error Code: 2
>
> Any pointers as to what I might be doing wrong?

Are you using Windows 8.1 or later? In your case, both SHA-1 and SHA-2
signing failed. It's possible that your machine does not have the
Authenticode Capicom components installed/registered and/or that your
protection software blocks SignTool.exe and/or blocks access to the
timestamp server(s).

Friedrich

> So if your certificate is valid from 3rd December 2014 through 2nd December 2017 then you have a SHA-2
> based certificate.

Hmmm...

That seems to be different than what they said on this page:

https://support.comodo.com/index.php?/Knowledgebase/Article/View/988/0/how-do-i-re-issue-my-current-certificate-with-sha-2-sha-256

"If your certificate presently expires:

BEYOND 31 December 2016, then Comodo automatically will provide you
with a SHA-2 signed certificate upon re-issuance."


Charles



--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProScan, ProImage, ProPath and other Clarion
developer tools!
www.solidsoftware.com - ImageEx and RichReport templates!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

Hi Charles,

> Hmmm...
>
> That seems to be different than what they said on this page:
>
> https://support.comodo.com/index.php?/Knowledgebase/Article/View/988/0/how-do-i-re-issue-my-current-certificate-with-sha-2-sha-256
>
> "If your certificate presently expires:
>
> BEYOND 31 December 2016, then Comodo automatically will provide you
> with a SHA-2 signed certificate upon re-issuance."

Yes, it's confusing! From September 08, 2014 - September 22, 2014 Comodo
issued SHA-2 certificates "by default". If customers did not explicitly
selected SHA-1, they received a SHA-2 certificate (customers still had a
choice). But on and after September 22, 2014, Comodo supported only SHA-2
for any Code-signing certificate which expired after 2015.

As far as I understand, Neil requested a certificate AFTER September 22,
2014 which expires AFTER 2015. So he should already have a SHA-2 based
certificate.

Friedrich

> Yes, it's confusing! From September 08, 2014 - September 22, 2014 Comodo
> issued SHA-2 certificates "by default". If customers did not explicitly
> selected SHA-1, they received a SHA-2 certificate (customers still had a
> choice). But on and after September 22, 2014, Comodo supported only SHA-2
> for any Code-signing certificate which expired after 2015.
>
> As far as I understand, Neil requested a certificate AFTER September 22,
> 2014 which expires AFTER 2015. So he should already have a SHA-2 based
> certificate.

Got it - thanks for the clarification!


:-)

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProScan, ProImage, ProPath and other Clarion
developer tools!
www.solidsoftware.com - ImageEx and RichReport templates!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

BTW, here is a link to Capicom (if you need it):

http://www.lindersoft.com/forums/showthread.php?45948-SignTool-does-not-work-with-Windows-10&p=82260#post82260

http://www.lindersoft.com/forums/showthread.php?p=75570#post75570

Friedrich

> My current certificate is Valid from 3rd December 2014 through to 2nd
> December 2017.

Neil,

You need to request a replacement certificate since yours expires after
December 31, 2016

https://support.comodo.com/index.php?/Knowledgebase/Article/View/988/0/how-do-i-re-issue-my-current-certificate-with-sha-2-sha-256

Directions to request the replacement are here:
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/644/0/how-do-i-get-a-replacement-certificate

I hope this helps.


:-)

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProScan, ProImage, ProPath and other Clarion
developer tools!
www.solidsoftware.com - ImageEx and RichReport templates!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

Capicom was what I was missing.

Installed and dual signing now, thank you.

Regards,

Neil.

Thanks Charles,

I'm not actually sure if I need to or not.

I've installed Capicom now, which appeared to be the issue, and I seem
to be sucessfully dual signing with the certificate that I have :-)

Regards,

Neil.

> Thanks Charles,
>
> I'm not actually sure if I need to or not.
>
> I've installed Capicom now, which appeared to be the issue, and I seem
> to be sucessfully dual signing with the certificate that I have :-)

Cool - I'm glad that you got it sorted (and that Friedrich helped shed
another piece of light on the puzzle)!


:-)

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProScan, ProImage, ProPath and other Clarion
developer tools!
www.solidsoftware.com - ImageEx and RichReport templates!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

Using Win 10, but didn't have Capicom installed.

Thanks for pointing me in the right direction.

Regards,

Neil.

Hi Friedrich,

> Yes, it's confusing!

No!!! Code signing statement that's confusing??? Never heard of such a
thing!!!<vbg> Have a good weekend:)

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

Hi Neil,

> Using Win 10, but didn't have Capicom installed.

What is Capicom? How does that affect code signing?

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

Hi Arnor,

I'm not exactly sure what it is, but see this from Friedrich in an
earlier post:

Are you using Windows 8.1 or later? In your case, both SHA-1 and SHA-2
signing failed. It's possible that your machine does not have the
Authenticode Capicom components installed/registered and/or that your
protection software blocks SignTool.exe and/or blocks access to the
timestamp server(s).

BTW, here is a link to Capicom (if you need it):

http://www.lindersoft.com/forums/showthread.php?45948-SignTool-does-not-work-with-Windows-10&p=82260#post82260

http://www.lindersoft.com/forums/showthread.php?p=75570#post75570

Regards,

Neil.

Hi Neil,

> I'm not exactly sure what it is, but see this from Friedrich in an
> earlier post:

Thanks - no idea what it is either. Looked online and there wasn't much
there either<g> I do my code signing on Win7 which hasn't been upgraded
for a while and I'm leaving it that way as otherwise it appears I'll
have to upgrade to 10. I've upgraded one machine to 10 and I wasn't too
thrilled about the performance to start with. Removing a bad drive
helped a lot<g> For some reason 10 kept hacking on it - it was
completely dead, couldn't even format it;)

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

Hi Arnor,

>
> What is Capicom? How does that affect code signing?
>

CAPICOM is an ActiveX control (deprecated by Microsoft) used to digitally
sign data. SignTool needs CAPICOM.dll version 2.1.0.1 or higher -- but the
funny thing is that CAPICOM is excluded from the Windows SDK beginning with
the Windows SDK for Windows 7. And all, except one <g>, available CAPICOM
redistributable installers fail to register it under 64-bit Windows 7,
Windows 8.x and Windows 10. If the DLL is not registered, SignTool will
complain that it cannot be found even if they are in the same directory.

So if SignTool fails, first thing to do is to run the CAPICOM
redistributable that is powered by SetupBuilder :)

Friedrich