Post a reply to the thread: SetupBuilder and Code-Signing
Click here to log in
What's the name of our main installation product (in uppercase letters), directly followed by the current year?
You may choose an icon for your message from this list
Will turn www.example.com into [URL]http://www.example.com[/URL].
Re: SetupBuilder and Code-Signing Tim, If you request a code-signing certificate then you'll always get a new one. There is no "renew" for certificates. Request a new certificate 10-14 days before your "old" certificate is due to expire and you "should" be on the safe side (but no guarantee). Friedrich
Re: SetupBuilder and Code-Signing
Re: SetupBuilder and Code-Signing Hi My certificated does not expire until June. If I renew early to make sure I get through the process, do I lose time on my cert or do they add 3 years from the current certificate's expire date? Is there any problem with waiting until the cert expires or will that create more work in verification? -Tim
Re: SetupBuilder and Code-Signing Hi Dee, WOW! Very interesting. Thanks so much for sharing !!! Friedrich
Re: SetupBuilder and Code-Signing Hi Everybody! Well, I just got through the process of getting my certificate reissued with SHA2 encryption. My cert was 2 years old, and I had an interesting problem that I'd lost my original private key text file (pvk). I still had my .pfx file, which has the private key info rolled into it...so here's what I did: Comodo only gives you the cert part. And OpenSSL on the PC was too hard for me to figure out. So... I used a tool from DigiCert ( https://www.digicert.com/util/ ) to import my old .pfx file on my new computer. Then I imported the new certificate from Comodo, and the DigiCert utility said "Missing PVK information". It then offered ot search this computer to repair/complete. It found the key file information in my original .pfx file from two years ago, and Wah-Lah! I could export the new certificate as a working complete PFX. I also was able to use the tool to export a split PVK and Cert file from my original .pfx. Very handy! all I needed to remember was my password, which I'd spraypainted on the side of my house so I wouldn't lose it. (Just kidding. I spraypainted it on an interior wall, like all my passwords. I'm very security minded! ) To give credit where credit is due, and also if people need to go ask about making a new pfx...I saw mention of that DigiCert tool on stack overflow: http://stackoverflow.com/questions/6...nd-private-key Our setup is all compiled and I'm testing it now. DAYS before the due date! It's a Christmas miracle!! (We really get behind in this place. ) - Dee Dreslough, Sports Mogul Inc. Long time SetupBuilder user.
Re: SetupBuilder and Code-Signing Thank you Friedrich ! I found more information when reading on and notably the update download link for the sign tool, but nothing about the legal stuff. Regards, Maarten,
Re: SetupBuilder and Code-Signing Maarten, Well, perhaps you are not aware that it is NOT allowed to redistribute signtool.exe? It's only available in the SDK. Microsoft has a very good law firm if you do the wrong thing Never ever make signtool.exe available as a download. If you do, you'll hear from their lawyers. BTW, the documentation is up-to-date! There is a new SHA1 or SHA2 order option for certificates now. The SB compiler will support it in a later build. Friedrich
Re: SetupBuilder and Code-Signing This document is 5 years old. Did nothing change here. Why is it that SetupBuilder does not ship with the latest signtool.exe ?? Regards, Maarten,
Re: SetupBuilder and Code-Signing I was getting what appeared to be random failures during the code signing process with SB 7.5 under Window 7, 32-bit. At times, it would even cause SB to fail/terminate. After some research, I have found that if I have Windows Explorer open on the default \Installs folder where my installs are built, it will fail every time. Select any other folder, and the signing step works every time. It seems Windows 7 puts some kind of hold or watch on the folder it is displaying, and SignTool does not like that at all. I've also run into similar issues with folders being viewed simultaneously between XP, Vista and Win 7 where you can't rename/move/delete files due to these invisible locks. Hope this helps someone, Tom H.
Re: SetupBuilder and Code-Signing Just a heads up... If you use Windows 7, be aware that the CAPICOM.DLL referred to elsewhere here is no longer needed in order to user SIGNTOOL.EXE for code signing. CAPICOM has been deprecated by MS for Win 7. All you need is a Windows 7 version SIGNTOOL.EXE now, and the simplest way to get it is to download the Windows SDK for .NET 3.5SP1 or .NET 4. http://msdn.microsoft.com/en-us/wind.../bb980924.aspx This link leads you to a small stub for the latest SDK version, so you don't need to download the entire SDK. In the installer, just uncheck everything except the 'Tools' option, and then you'll only get a small subset of the SDK that includes the Win 7 version of SIGNTOOL.EXE. Point SetupBuilder at SIGNTOOL.EXE, which you'll find under Program File\Microsoft SDK a few levels down in the \BIN folder. Tom
Re: SetupBuilder and Code-Signing O.D., There's also a new SB tool to ease some of the pain of code-signing items you're installing - the Certificate Profiles tab on the Tools | Options window. It's not a "live" update. If you change your certificate password, for example, it will not automatically update every item you've configured using that profile. But it does make it easy to double-click any #code-sign compiler directive, then click the blue folder icon and choose the profile to update anything to the new code-sign settings. And, of course, it takes out a lot of the hassle of configuring code-signing for items in the first place. Jane
Forum Rules