+ Reply to Thread
Page 1 of 5 123 ... LastLast
Results 1 to 10 of 42

Thread: Don't order Comodo Certificate from a VISTA machine

  1. #1

    Default Don't order Comodo Certificate from a VISTA machine

    I decided to start a new thread because http://www.lindersoft.com/forums/sho...?t=7489&page=2 started to go off topic.

    Code-signing under VISTA has probably been hammered to death elsewhere on this forum, but it bears repeating. Turns out ordering the certificate wrong wasn't all my idea. Take a look at the two screen captures below, the first VISTA, the second XP. Because the machine I used was running VISTA, I was never even given the option to order the certificate the way it should be ordered for SetupBuilder, as an .spc file and a .pvk key. Same website, same browser, different screens. In the XP version, the default should be changed to "In the file" from "In the CSP." In the VISTA version, that line is missing entirely.

    Anyway, Comodo bent over backwards to make it right. They issued credit for the single file certificate and, within minutes, sent me the two-file version. Impressive! For what it's worth, here are my recommendations for getting a Code-Signing Certificate and avoiding the hassles:

    DO order the $200 three-year special from Lindersoft. You'll save yourself the very large headache of not having to renew every year, and enough cash to almost buy SetupBuilder.

    DO change your account name and password if you already have an account with Comodo and you're ordering (or renewing) through Lindersoft.

    DO set up an email box at your domain, i.e. John@mycompany.com, then change your WHOIS email contact address with your Registrar to that email box before you place the order with Lindersoft. Comodo will not issue the certificate to another mailbox.

    DO have your DUNS number ready. If you don't have a Dun & Bradstreet number, plan on faxing documents to Comodo that prove your company is who and where you say it is.

    DON'T order from a VISTA machine. See above. The rocks I'm now throwing at this miserable OS are getting bigger.

    DO make sure you see the radio buttons "In the CSP" and "In the file," then tick "In the file" and enter the name you want on the certificate (such as C:\MyCompany). Go there to collect both the .spc and .pvk file after the transaction.

    DON'T order the certificate in the CSP wrapper. It's useless that way unless you own Visual Studio and the SDK. Before you can even think about exporting the .spc and .pvk files, you need to convert the certificate to a .pfx file. Then, with command-line conversion tools downloaded from Shining Light Productions, to .pem files, then from there . . . you get the idea. Until last Sunday, I didn't even know what a .pem file was! To find out what you're up against, see http://www.tech-pro.net/export-to-pvk-spc.html. While entering the .pfx file into SetupBuilder is an option, my guess is you still need the .spc file and your .pvk key.

    DO make copies of both your .spc certificate and your .pvk key file and store them where you can find them. The certificate is no good without the key, and Comodo can't give you another one.

    DO write down the password you assigned to your .pvk key. The key is useless without the password, and that's another thing Comodo can't give you.

    Friedrich, did I miss anything?

    Hal Heindel
    Attached Images Attached Images   
    Last edited by linder; 06-03-2014 at 06:13 AM.

  2. #2
    Join Date
    Mar 2004

    Default Re: Don't order Comodo Certificate from a VISTA machine


    Thanks for this most excellent posting. And what you said is also true for the new Windows Server 2008 operating system. Don't order a certificate from a Vista or Windows 2008 machine!

    Thanks so much for your time!

    Friedrich Linder

    "point. click. ship" - that's SetupBuilder 6.7
    Create Windows Vista ready installations in minutes

    -- Official Comodo Code Signing and SSL Certificate Partner

  3. #3

    Default Re: Don't order Comodo Certificate from a VISTA machine

    You're welcome, Friedrich.

    Now that I have a working certificate, time to learn SetupBuilder and go after GEN1053.

    Hal Heindel

  4. #4
    Join Date
    Mar 2004

    Default Re: Don't order Comodo Certificate from a VISTA machine

    Hi Hal,

    There are several possible reasons for Compiler error GEN1053: Code signing process failed. Error Code: -1

    1. Problem with your certificate (expired?). Okay, not in your case <g>
    2. If you are using the timestamp server, perhaps it is not accessible (server down?)
    3. Wrong password
    4. Or see below



    Hope the above helps.


  5. #5

    Default Re: Don't order Comodo Certificate from a VISTA machine

    Thanks, Friedrich

    I should tell you that I'm just experimenting with SetupBuilder this morning - haven't done my homework yet. I'll be able to spend more time revamping my installations for VISTA next week (after I've added more padding to the walls in my office!).

    About GEN1053, the glitch seems to be with code signing the Uninstall. The first screen below is when I use SignTool, the second when I switch to SignCode. Time to download a new SignTool.exe, or use the old PKEY.exe with SignCode?

    Hal Heindel
    Attached Images Attached Images   

  6. #6
    Join Date
    Mar 2004

    Default Re: Don't order Comodo Certificate from a VISTA machine


    If you are using SignCode.exe (the default option) then you need the .SPC and .PVK files.

    If you switch to SignTool.exe then you need a .PFX file! It says "optional" because the use of SignTool.exe is optional.

    So your SignTool.exe is okay (if you have downloaded the file from Microsoft and the path to it has been added in Tools | Options... | File Locations -> Digital Signature. The next step is to use your .PFX file and you are done

    Does this help?


  7. #7
    Join Date
    Mar 2004

    Default Re: Don't order Comodo Certificate from a VISTA machine

    BTW, see attached screenshots

    Attached Images Attached Images   

  8. #8

    Default Re: Don't order Comodo Certificate from a VISTA machine


    How do I remove code signing from the Uninstall? And is there a reason why the Uninstall should be code signed in the first place?

    I decided to stick with SignCode for the moment to isolate the glitch. I don't have a problem code signing my app (see the compiler screen shot), but still get the Uninstall error message.

    Hal Heindel
    Attached Images Attached Images     

  9. #9

    Default Re: Don't order Comodo Certificate from a VISTA machine

    Eureka! Found the solution.

    Since the problem had to do with code signing the Uninstaller Exe, not my app, I first ticked "No Digital Signature" for the Installer Exe, which compiled successfully, then ticked "Digital Signature" to re-enable signing the installer package, which then compiled successfully as well.

    Looks like all I needed to do was clean the cobwebs out of the closet. If the rest of learning SetupBuilder goes this smoothly, I'm heading for the Costa del Sol this year.

    Thanks, Friedrich

    Hal Heindel
    Attached Images Attached Images   

  10. #10
    Join Date
    Mar 2004

    Default Re: Don't order Comodo Certificate from a VISTA machine

    Perfect! Thank you for the good news, Hal


+ Reply to Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts