Page 1 of 6 123 ... LastLast
Results 1 to 10 of 59

Thread: Comodo Certificate Order [August 25, 2015]

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1

    Default Comodo Certificate Order [August 25, 2015]

    All,

    Requested a new three year Comodo code-signing certificate because our "old"
    one (still valid until September 2016) did not support SHA-2. A new
    certificate always means you have to build a new "reputation" for it. I
    don't want to lose reputation again after one year so I decided to order a
    fresh 3-year one.

    Here is what I did:

    1. Made sure that the WHOIS database for lindersoft.com was up-to-date and
    turned OFF domain registrar's privacy service.
    2. Ordered the certificate on August 24, 2015 at 4:53 PM from a Windows 7
    SP1 (x64) machine using Internet Explorer.
    3. Sent required documents immediately to Comodo.
    4. Received callback status email from the COMODO Validation Team at 11:24
    PM.

    Not too bad. That was quick -- only 6 hours. I am good until August 2018
    now (1096 days). Yeah!

    To start the telephone callback process, I did this:

    1. Opened a LiveChat on Comodo's support website. Chat partner "Martin"
    started the telephone callback procedure.
    2. Received another "Callback" email. In order to review our phone number
    and initiate the callback I had to click a link. Then press a button to
    get a phone call (DON'T close the window!!).
    3. Received the phone call (computer voice) and the "lady" gave me a PIN.
    4. I had to enter that PIN in the previous window.
    5. 30 seconds later I received a "Your Code Signing Certificate is ready!"
    email and collected my new certificate.
    6. Exported the certificate to .pfx format.
    7. Turned ON domain registrar's privacy service.

    All system files for SetupBuilder 10 will be dual SHA-1/SHA-2 code-signed to
    be ready for January 1, 2016.

    Note: Microsoft will cease trusting Code Signing Certificates using SHA-1 on
    January 1, 2016. Organizations need to develop a migration plan for any
    SHA-1 code signing certificates that expire after January 1, 2016.

    --
    Friedrich Linder
    Lindersoft | SetupBuilder | www.lindersoft.com
    954.252.3910 (within US) | +1.954.252.3910 (outside US)

    --SetupBuilder "point. click. ship"
    --Helping You Build Better Installations
    --Create Windows 10 ready installations in minutes
    --Official COMODO Code Signing and SSL Certificate Partner
    Attached Images Attached Images        
    Last edited by linder; 03-22-2018 at 04:24 AM.

  2. #2

    Default Re: Comodo Certificate Order [August 25, 2015]

    LiveChat window, "Your Code Signing Certificate is ready!" email and
    certificate collection.

    Friedrich
    Attached Images Attached Images    

  3. #3

    Default Re: Comodo Certificate Order [August 25, 2015]

    What happened with posibility to get new version with SHA-2 for existing certificates?

    Darko

  4. #4

    Default Re: Comodo Certificate Order [August 25, 2015]

    Darko,

    > What happened with posibility to get new version with SHA-2
    > for existing certificates?

    You will be able to get a free replacement SHA-2 certificate from Comodo if
    your current one support SHA-1 only (e.g. code-signing certificates issued
    after 22nd September 2014 which expires after 2015).

    Friedrich

  5. #5

    Default Re: Comodo Certificate Order [August 25, 2015]

    By the way, you can still use the new SHA-2 based certificates to code-sign
    with SHA-1. Absolutely no problem. But Microsoft will cease trusting Code
    Signing Certificates using SHA-1 on January 1, 2016.

    You can use SetupBuilder 10 to code-sign your files and installations with
    SHA-1, SHA-2 or dual SHA-1/SHA-2.

    Friedrich
    Attached Images Attached Images    

  6. #6

    Default Re: Comodo Certificate Order [August 25, 2015]

    Thanks Friedrich for detailed explanation, but your math still worries me, as
    my 3 year comodo expires at 25.02.2017,
    and you said "free replacement for code-signing certificates issued after 22nd
    September 2014". Mine is issued at 25.02.2014 so it's before 22.09.2014,
    Or I misunderstood what you said?.

    Many thanks
    Darko

  7. #7

    Default Re: Comodo Certificate Order [August 25, 2015]

    Hi Darko,

    Sorry, should read "...issued BEFORE 22nd September 2014 which expires after
    2015...".

    On September 22, 2014 Comodo started the new "SHA-2 only" program.

    Friedrich

  8. #8

    Default Re: Comodo Certificate Order [August 25, 2015]

    Ah, now make sense
    Thanks Friedrich

    Darko

  9. #9

    Default Re: Comodo Certificate Order [August 25, 2015]

    > But Microsoft will cease trusting Code
    > Signing Certificates using SHA-1 on January 1, 2016.

    Does that mean that all previously distributed EXE etc become invalid??????

    Don't make me nervous, man!



    Regards,
    Wolfgang Orth
    www.odata.de

  10. #10

    Default Re: Comodo Certificate Order [August 25, 2015]

    Hi Wolfgang,

    > Does that mean that all previously distributed EXE etc become
    > invalid??????
    >
    > Don't make me nervous, man!

    Windows will stop accepting SHA-1 code-signed files that are time stamped
    AFTER 1 January 2016. SHA-1 code-signed files time stamped by an RFC 3161
    Time Stamp Authority BEFORE 1 January 2016 will be accepted until such time
    when Microsoft decides SHA-1 is vulnerable to pre-image attack.

    Friedrich

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •