So, I renewed my comodo certificate.. logged in, told it to renew my
certificate... paid for it, got the receipt.

Now I show the order# in my management area as well as my old
certificate. The new order says Awaiting Validation. Not sure what that
means... do I have to do something? or do I just wait?

TIA

--
Ray Rippey
VMT Software

Ray,

> So, I renewed my comodo certificate.. logged in, told it to renew my
> certificate... paid for it, got the receipt.
>
> Now I show the order# in my management area as well as my old certificate.
> The new order says Awaiting Validation. Not sure what that means... do I
> have to do something? or do I just wait?

did you already contact them and sent your documentation?

See this (page 6 pp):

http://www.lindersoft.com/Comodo2014.pdf

Or this:

http://www.lindersoft.com/forums/showthread.php?46841-Comodo-Certificate-Order-August-25-2015

Friedrich

Ok, I'll just wait for a bit... Thanks.

Ray

--
Ray Rippey
VMT Software

Ok, got my .pfx file.. do I need the .pvk or .spc files? I'm missing
that part in the instructions.. also, it didn't ask me for a second
password when I exported it from IE. Only the one I made up, not the one
for the order. In Janes instructions there were 2 screens that asked for
the password.

Will that be a problem? I'm thinking I didn't click on the 'High
Security' radial when I ordered it.


Thanks,

Ray

--
Ray Rippey
VMT Software

> did you already contact them and sent your documentation?

Got my certificate.. have a PFX file. I used openssl to create the .pvk,
..pem, and .spc files... using the instructions at:

https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/548/7/


I changed the global signing area in setupbuilder for the new .pfx file,
entered my password that I used to export the pfx. I used
http://timestamp.comodoca.com for both timeservers, and checked the
Global SHA-1 and SHA-2 dual.

That failed with an error signing GEN1053: Code signing process failed.
Error Code 1.

I changed it to Globabl SHA-2 only and it signed. So dual signing is not
working.

Currently I'm only signing the install because my files had already been
signed... I can fix that later, just wanted to test the setup.exe
first..didn't know if that makes a difference.


TIA

--
Ray Rippey
VMT Software

Hi Ray,

> I changed it to Globabl SHA-2 only and it signed. So dual signing is not
> working.
>
> Currently I'm only signing the install because my files had already been
> signed... I can fix that later, just wanted to test the setup.exe
> first..didn't know if that makes a difference.

Please see this:

http://www.lindersoft.com/forums/showthread.php?47199

You need your .pfx and a specific Windows version (8.x or better Win10) and
SignTool build to support dual code-signing. Quite a few Windows 7 systems
do not support dual code-signing (you need a very specific patch level in
Win7).

Does this help?

Friedrich

I had been doing dual code signing before I updated my certificate. I
never used the global code sign in SB before, always used it per app. So
I only changed the certificate (I got SHA2 when I purchased it), and I
tried using the global code signing part of SB. Do I need to make a
Certificate Profile in the options area?

So, I told it not to use the global code signing.. use local
code-signing from project.

Went to my 'General Information/Digital Signature' and put in my new
spc,pvk,pfx and password.. and it dual signed my install just fine.

I can just go through and change the signing manually.. so at least I
know my certificate works. There's either a problem with the global
options or I'm missing something.

Ray

--
Ray Rippey
VMT Software

Hi Ray,

> Do I need to make a Certificate Profile in the options area?

No.

> So, I told it not to use the global code signing.. use local code-signing
> from project.

Okay.

> Went to my 'General Information/Digital Signature' and put in my new
> spc,pvk,pfx and password.. and it dual signed my install just fine.

New .spc and .pvk? You should only use .pfx! .spc and .pvk is a thing from
the past <g>.

> I can just go through and change the signing manually.. so at least I know
> my certificate works. There's either a problem with the global options or
> I'm missing something.

There is no issue with the global options. Just add your .pfx and the
password, select the correct SHA-1 and SHA-2 timestamp servers and select
the "Global SHA-1 & SHA-2 dual" option.

Friedrich

> New .spc and .pvk? You should only use .pfx! .spc and .pvk is a thing from
> the past <g>.

Ok then.. that was a lot of work to build the .spc and .pvk files. Oh
well, needed to exercise my brain.

In the global code signing options I selected
http://timestamp.globalsign.com/?signature=sha2
for both the sha-1 and the sha-2 timestamp server and it worked... that
must have been it.

Thanks for your help. Code signing was really a lot easier this year. I
wonder what it will be like in 2020?

--
Ray Rippey
VMT Software

> Thanks for your help. Code signing was really a lot easier this year. I
> wonder what it will be like in 2020?

Comodo will send you your DNA test kit via snail mail so you can prove who
you are before they issue the certificate.

Then the certificate itself will require a surgical implant for a mere $20K
(60% of which goes to Microsoft for making the OS require it and then 20%
to Comodo for acting as a facilitator.

Friedrich will get an "atta-boy!" for acting as a go-between.


Of course Dan will go in for the implant and end up coming home from the
hospital with a missing body part or two!


:-)

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProDocument, ImageEx, ProScan, ProImage, ProPath
and other Clarion developer tools!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

Damn... That explains how I got the certificate so fast this time.

Bob Robesky

> Damn... That explains how I got the certificate so fast this time.

:-)

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProDocument, ImageEx, ProScan, ProImage, ProPath
and other Clarion developer tools!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

>> Thanks for your help. Code signing was really a lot easier this year. I
>> wonder what it will be like in 2020?
> Comodo will send you your DNA test kit via snail mail so you can prove who
> you are before they issue the certificate.

Oh.. that's why I had to pull my hair out by my roots!

--
Ray Rippey
VMT Software

> Oh.. that's why I had to pull my hair out by my roots!

:-)

Charles


--
-------------------------------------------------------------------------------------------------------
Charles Edmonds

cjeByteMeSpammers@lansrad.com (remove the "ByteMeSpammers" to email me)
www.clarionproseries.com - ProDocument, ImageEx, ProScan, ProImage, ProPath
and other Clarion developer tools!
www.seal-soft.com - The xProduct Clarion templates - xWordCOM, xToolTip,
xDataBackup Manager and more!
www.ezchangelog.com - "Free ChangeLog software to manage your projects!"
www.setupcast.com - "A revolutionary new publishing system for software
developers - enhanced for SetupBuilder users!"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms - Now with PNG support!
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

> Quite a few Windows 7 systems
>do not support dual code-signing (you need a very specific patch level in
>Win7).
>

You speak of Windows 7 systems on the developer side, which are bitchy on dual signing.

This does not mean any customer target computers, right?

I am so easily to be confused!



Regards,
Wolfgang Orth
www.odata.de

Please note:
From time to time it happens, that I overlook a reply to my postings.
Please don't be angry.
In case of an emergency, try to contact me via mail.

Bitte beachten:
Von Zeit zu Zeit passiert es mir, dass ich Antworten auf meine Postings übersehe.
Bitte nicht böse sein.
Im Notfall bitte Kontakt per Mail versuchen.

Hi Wolfgang,

>> Quite a few Windows 7 systems do not support dual code-signing (you
>> need a very specific patch level in Win7).
>>
>
> You speak of Windows 7 systems on the developer side, which are bitchy on
> dual signing.
>
> This does not mean any customer target computers, right?
>
> I am so easily to be confused!

;-)

Yes, that's correct. Running a dual code-signed application on Windows 7 is
never a problem (customer site). Only creating the dual code signature is a
problem on some Windows 7 machines (developer side).

Friedrich