Comodo Certificate Order [August 25, 2015]

Michael,

>I don't know if I am reading this wrong but thia artilcle:
>
> http://blogs.technet.com/b/pki/archi...on-policy.aspx
>
> Under the Code Signing Certificates section, I think it is saying that
> if the code is signed with SHA-1 and has a timestamp before January 1,
> 2016 it will be OK until January 14, 2020.

Yes, if you have timestamped the files with a RFC 3161 compliant trusted
time stamp servers. But you need a very specific Authenticode signing tool
and Windows 7 SP1+ (better Windows 8 or later) to support RFC 3161. IMO,
99% of all developers have used the "standard" Microsoft Authenticode
compatible time stamp :-) As a result, the signature becomes invalid on
January 02, 2016.

Friedrich

> The code-signature becomes invalid on January 02, 2016. What will happen
is...


Thank you for that explaination, Friedrich.


John Newman
Software Partners Australia
C10

> If not, at least let Jane do it... she's infamous, notorious AND likes
> the limelight!<g>

Not a single comment... DAMN... I'M IN TROUBLE!!!!

Lee White

Maybe because you're infamous, notorious, AND like the limelight!?<g>

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.

Grammar troll's, are the worse.

Jeff,

> Maybe because you're infamous, notorious, AND like the limelight!?<g>

Who, ME?!<g>

Lee White

Hi Friedrich,

> All system files for SetupBuilder 10 will be dual SHA-1/SHA-2 code-signed
> to be ready for January 1, 2016.

This stuff confuses the hell out of me! Having a look at getting sha-2
code-signing working for a client and leaving it for the morning :-)

BUT. Out of interest and hoping for some clues, went to look at "Properties"
/ "Digital Signatures" of sb8.exe (dated 15/4/2015 - can that really be
latest, think so?) and the "Digest algorithm" is md5.

Suppose I was expecting to see sha1. There is talk of "dual signing", so
maybe I also expected a second sha2 entry in the Signature list...

But there it is: a solitary md5

So why is that???

Thanks,
Simon

Simon,

> But there it is: a solitary md5

That's the "Digest algorithm" from his prior certificate. He has a
newer one now which won't be md5!<g>

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Creative Reporting: http://www.CreativeReporting.com

Product Release & Update Notices
http://twitter.com/DeveloperPLUS

Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"
And, now, Windows 10 brings us "The Inch Worm, Bumper Car of Wait!"


The life of a Clarion Developer: https://youtu.be/ozitqabi6UM

Hi Simon,

Exactly what Lee said. Our "old" code-signing certificate did not support
SHA-2. The new one does and in the upcoming SetupBuilder 10 all new files
will be dual SHA-1/SHA-2 code-signed.

Friedrich

How to export the certificate:

https://support.comodo.com/index.php...icates-windows