Re: Don't order Comodo Certificate from a VISTA machine
This is a followup to some very good instruction by Hal Heindel, but some of his remarks are dated...
HH - Hal Heindel - DT - David Troxell
My company provides additional, updated instruction on the Comodo Code Sign Certificate Order Process with the CHM version of this blog (click on blog link and download CHM from blog).
Product Description - App Data UAC Safe, MFG - Encourager Software
Internet Link - http://profileexchanges.com/blog/?p=120
HH - DO order the $200 three-year special from Lindersoft. You'll save yourself the very large headache of not having to renew every year, and enough cash to almost buy SetupBuilder.
HH - DO change your account name and password if you already have an account with Comodo and you're ordering (or renewing) through Lindersoft.
HH - DO set up an email box at your domain, i.e. John@mycompany.com, then change your WHOIS email contact address with your Registrar to that email box before you place the order with Lindersoft. Comodo will not issue the certificate to another mailbox.
HH - DO have your DUNS number ready. If you don't have a Dun & Bradstreet number, plan on faxing documents to Comodo that prove your company is who and where you say it is.
DT - A valid current business license - NOT Faxed - but SCANNED and attached in Support ticket is all that is necessary for some companies.
Very helpful summary business documentation requirements provided by Friedrich Linder
http://www.lindersoft.com/forums/showthread.php?t=26424
HH - DON'T order from a VISTA machine. See above. The rocks I'm now throwing at this miserable OS are getting bigger.
DT - This is NO longer true - MANY order through Vista and Windows 7, using FireFox, IE, other browsers AND use export to PFX file format methods.
DT - Example from Comodo - Order using Windows 7 and FireFox - Certificate stored in FireFox - Directions to Export to PFX format
https://support.comodo.com/index.php...d=419&nav=0,96
HH - DO make sure you see the radio buttons "In the CSP" and "In the file," then tick "In the file" and enter the name you want on the certificate (such as C:\MyCompany). Go there to collect both the .spc and .pvk file after the transaction.
DT - This ONLY applies to XP (or W2K) and IE - this is the ONLY way you can get .spc and .pvk file formats during order process. MUST use "In the file," Exportable checkbox - checked
DT - Special NOTE: I used XP PRO and IE in a Virtual Machine to order and retrieve .spc and .pvk file format.
HH - DON'T order the certificate in the CSP wrapper. It's useless that way unless you own Visual Studio and the SDK. Before you can even think about exporting the .spc and .pvk files, you need to convert the certificate to a .pfx file.
DT - MANY are now using Windows 7 and Firefox or IE to order - If you DID NOT use XP (or W2K) and IE - "In the file," Exportable checkbox - checked - any other combination, Windows 7, Vista, Firefox - you MUST export from browser TO PFX format.
DT - If you received your certificate in spc and pvk file format - Jane Fleming includes instructions in her documentation to convert a spc file and pvk file to a singular PFX format using a pvk2pfx program.
http://www.beachbunnysoftware.com/webinar/
DT - If you use signtool.exe - you use the PFX file - that is possibly the ONLY file many will need to code sign certificates - IF you want to use signcode.exe - you use the .spc and .pvk files.
HH - Then, with command-line conversion tools downloaded from Shining Light Productions, to .pem files, then from there . . . you get the idea. Until last Sunday, I didn't even know what a .pem file was! To find out what you're up against, see http://www.tech-pro.net/export-to-pvk-spc.html.
DT - Yes, that is a more difficult conversion process - converting a PFX file to .spc and .pvk file formats.
HH - While entering the .pfx file into SetupBuilder is an option, my guess is you still need the .spc file and your .pvk key.
DT - No guessing needed - :-D
DT - IF you use signtool.exe with SetupBuilder - you need the PFX file.
DT - IF you use signcode.exe with SetupBuilder - you need the .spc and .pvk file
HH - DO make copies of both your .spc certificate and your .pvk key file and store them where you can find them. The certificate is no good without the key, and Comodo can't give you another one.
DT - ONLY applies if you ORDERED using XP (or W2K) and IE - "In the file," Exportable checkbox - checked
HH - DO write down the password you assigned to your .pvk key. The key is useless without the password, and that's another thing Comodo can't give you.
DT - ONLY applies if you ORDERED using XP (or W2K) and IE - "In the file," Exportable checkbox - checked
DT - Hal's screen shot does not display "In the file" selected.
David Troxell - Encourager Software - http://www.encouragersoftware.com/
Reply With Quote
If you get errors then you have set security too high and Authenticode does not work!!!
Originally Posted by linder
