Re: Comodo Certificate Order [August 25, 2015]
Michael,
>I don't know if I am reading this wrong but thia artilcle:
>
> http://blogs.technet.com/b/pki/archi...on-policy.aspx
>
> Under the Code Signing Certificates section, I think it is saying that
> if the code is signed with SHA-1 and has a timestamp before January 1,
> 2016 it will be OK until January 14, 2020.
Yes, if you have timestamped the files with a RFC 3161 compliant trusted
time stamp servers. But you need a very specific Authenticode signing tool
and Windows 7 SP1+ (better Windows 8 or later) to support RFC 3161. IMO,
99% of all developers have used the "standard" Microsoft Authenticode
compatible time stamp :-) As a result, the signature becomes invalid on
January 02, 2016.
Friedrich
Re: Comodo Certificate Order [August 25, 2015]
> The code-signature becomes invalid on January 02, 2016. What will happen
is...
Thank you for that explaination, Friedrich.
John Newman
Software Partners Australia
C10
Re: Comodo Certificate Order [August 25, 2015]
> If not, at least let Jane do it... she's infamous, notorious AND likes
> the limelight!<g>
Not a single comment... DAMN... I'M IN TROUBLE!!!!
Lee White
Re: Comodo Certificate Order [August 25, 2015]
Maybe because you're infamous, notorious, AND like the limelight!?<g>
Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.
Grammar troll's, are the worse.
Re: Comodo Certificate Order [August 25, 2015]
Jeff,
> Maybe because you're infamous, notorious, AND like the limelight!?<g>
Who, ME?!<g>
Lee White
Re: Comodo Certificate Order [August 25, 2015]
Hi Friedrich,
> All system files for SetupBuilder 10 will be dual SHA-1/SHA-2 code-signed
> to be ready for January 1, 2016.
This stuff confuses the hell out of me! Having a look at getting sha-2
code-signing working for a client and leaving it for the morning :-)
BUT. Out of interest and hoping for some clues, went to look at "Properties"
/ "Digital Signatures" of sb8.exe (dated 15/4/2015 - can that really be
latest, think so?) and the "Digest algorithm" is md5.
Suppose I was expecting to see sha1. There is talk of "dual signing", so
maybe I also expected a second sha2 entry in the Signature list...
But there it is: a solitary md5
So why is that???
Thanks,
Simon
Re: Comodo Certificate Order [August 25, 2015]
Simon,
> But there it is: a solitary md5
That's the "Digest algorithm" from his prior certificate. He has a
newer one now which won't be md5!<g>
--
Lee White
RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com
Creative Reporting: http://www.CreativeReporting.com
Product Release & Update Notices
http://twitter.com/DeveloperPLUS
Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"
And, now, Windows 10 brings us "The Inch Worm, Bumper Car of Wait!"
The life of a Clarion Developer: https://youtu.be/ozitqabi6UM
1 Attachment(s)
Re: Comodo Certificate Order [August 25, 2015]
Hi Simon,
Exactly what Lee said. Our "old" code-signing certificate did not support
SHA-2. The new one does and in the upcoming SetupBuilder 10 all new files
will be dual SHA-1/SHA-2 code-signed.
Friedrich
Re: Comodo Certificate Order [August 25, 2015]