News
Knowledgebase : > Code Signing

  The private key for a Comodo Code signing certificate is generated by the browser during certificate enrollment. When the submit button is pressed, a key pair of the selected size is generated. The PRIVATE KEY is encrypted and stored in the LOCAL KEY DATABASE. COMODO recommends using INTERNET EXPLORER 8+ on Windows and FIREFOX on Mac for certificate enrollment as it is both easy to apply and convenient for the user. To apply for a Code signing certificate, visit the below URL.. https://ww...
The process to follow is: 1. Convert the *.pvk into a *.pfx file using the pvk2pfx tool. This should be in your Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin directory. 2. In Visual Studio 2005, go to Project->Properties->Signing tab. Check Sign the assembly or both depending. Click on the 'Choose the Strong Name Key' combo and select 'Browse'. In the 'File Dialog' choose the *.pfx file you've created in step 1. Click for more information on VSS and code signing from Mi...
When customers buy software in a store, the source of that software is obvious. Customers can tell who published the software, and they can see whether the package has been opened. These factors enable customers to make decisions about what software to purchase and how much to "trust" those products. Customers who download digitally signed Active X controls, dynamic link libraries, .cab files or HTML content from your site can be confident that code really comes from you and hasn't been alte...
Any software publisher planning to distribute code or content over the Internet or through an extranet risks impersonation and tampering. Comodo Code Signing Digital IDs for Microsoft Authenticode protect against these hazards. Comodo offers Code Signing Digital IDs designed for commercial software developers (companies and other organizations that publish software). This class of Digital ID provides assurance regarding an organization's identity and legitimacy, much like a business licen...
Authenticode relies on industry standard cryptography techniques such as X.509 v3 certificates and PKCS #7 and #10 signature standards. These are well-proven cryptography protocols, which ensure a robust implementation of code signing technology. Authenticode uses digital signature technology to assure users of the origin and integrity of software. In digital signatures, the private key generates the signature, and the corresponding public key validates it. To save time, the Authenticode pro...
Customer Confidence Code Signing Digital ID protects (reassures) your customers by assuring them that the integrity of the code they download from your site is intact - that it has not been tampered with or altered in transit. Authenticity After downloading, end users can be sure that the code they obtained really came from you, helping you preserve your business reputation and intellectual property. Digital IDs allow customers to identify the author of digitally signed code and contact th...
Please remember that you must use Internet Explorer (IE) when signing a file. The following types of files can be signed using Authenticode and a Code Signing certificate. *.exe *.cab *.ocx *.dll The Code Signing Certificate is currently for use with Authenticode only Update March 2007: .jar files can also now be signed (again only with Authenticode), however you will need the latest version of java installed so that you have the required roots to allow the certificate to be trus...
Authenticode is currently used to sign 32-bit .exe files (PE files), .cab files, .ocx files, and .class files. In particular, if you are distributing active content such as ActiveX controls for use with such Microsoft end user applications as Internet Explorer, Exchange, Outlook, or Outlook Express, you will want to sign code using Authenticode.
A Digital ID also known as a digital certificate is a form of electronic credentials for the Internet. A Digital ID is issued by a trusted third party to establish the identity of the ID holder. The third party who issues certificates is known as a Certification Authority (CA). Digital ID technology is based on the theory of public key cryptography. In public key cryptography systems, every entity has two complementary keys, a public key and private key, which function only when they ar...
Since key pairs are based on mathematical relationships that can be cracked with a great deal of time and effort, it is a well-established security principle that digital certificates should expire. Your Digital ID will expire on its expiry date. However, most software is intended to have a lifetime of longer than one year. To avoid having to resign software every time your certificate expires, a timestamping service is introduced. Now, when you sign code, a hash of your code will be s...
In order to sign your code, you pass the code which you want to authenticate through a hashing algorithm and then use your private key to sign the hash, which results in a digital signature. You then build a signature block, which contains the digital signature and the code-signing certificate. Tools like Microsoft's SignTool [https://msdn.microsoft.com/aa387764.aspx] let you time stamp the signature block based on the current date and time that a time stamping service provider, such as Comodo...
PLEASE CLICK THIS LINK [HTTPS://WWW.COMODO.COM/PDF/COMODO-CPAC-INTERNET-EXPLORER.PDF]TO GET THE LATEST INSTRUCTIONS ON IMPORTING AND EXPORTING [HTTPS://WWW.COMODO.COM/PDF/COMODO-CPAC-INTERNET-EXPLORER.PDF] YOUR EMAIL CERTIFICATE USING INTERNET EXPLORER [HTTPS://WWW.COMODO.COM/PDF/COMODO-CPAC-INTERNET-EXPLORER.PDF] THE FOLLOWING PROCESS DESCRIBES HOW TO BACKUP CERTIFICATES 1. Start Internet Explorer, select Tools, Internet Options, Content, Certificates 2. On the Personal Certificates tab,...
Sorry, an error has occurred Close this window This error is usually displayed if you are not using Internet Explorer to sign up for a Code Signing Certificate. Since July 2007, other browser that can be used to sign up for a Code Signing Certificate are Opera and Mozilla.
How do I determine the name of the digital certificate to be used to sign the script. I have a *large* number of scripts and exe's that need to be signed. The following scripts from the Microsoft TechNet web site, that signs all scripts in a given folder. The script requires use the SignFile method, specifying both the file name of the script to be signed and the name of the digital certificate to be used to sign the script Microsoft Scripting Guide WSH 5.6 includes the Scripting.S...
Visual Basic for Applications (VBA) code will require you to import the Private Key. To do this you will need a Microsoft tool called pvkimprt.exe The download for this tool can be found at: http://office.microsoft.com/downloads/2000/pvkimprt.aspx
Signing Microsoft Office 2K & XP VBA Macros with a Comodo Code-Signing Certificate. Must have these: * Microsoft's tool to import PVK files: Download the PVK import tool from Microsoft (pvkimprt.exe) * Your code signing certificate from Comodo (as PVK and SPC files). If you do not have these files. Follow these directions here Preparation: Click to obtain your Code Signing Certificate from Comodo Procedure: 1. Install pvkimport you downloaded from Microsoft. Remember t...
Signing Open Office 2.0 Macros with a Comodo Code-Signing Certificate. This document details the process needed to sign Microsoft Office 2000 & XP VBA macros with a Comodo Code-Signing certificate including a worked example. All web links are provided for illustration purposes only, and are correct at time of publishing. It is recommended that the user checks for any updates that may become available since the publishing of this document. Pre-requisites: * Microsoft's tool to import PV...
I see this error message when collecting codesigning certificate Certificate installation was unsuccesfull! Error: -2146885628 Your certificate appears to be already installed Solution: The Code signing certificate can only be installed on the same machine from where you applied. Do not install the codesigning certificate to different machine, unless the private key has been backed up successfully. The Private key will be stored in the default directory C:\mykey.pvk.
This is a known bug in Microsoft Internet Explorer 4.01 causes this error. To resolve this you have to either upgrade the browser being used or install Service Pack 2 for Microsoft Internet Explorer 4.01 on the machine. The error is a Microsoft error and is not related to the certificate in any way.
Error: 000004c0 The format of the specified password is invalid Answer: Ensure that the password being entered is the one which was entered during the enrollment process, and remember that passwords are case sensitive so ensure that Caps lock is not enabled. 1. Make sure that the files are imported on the original machine the certificate was requested from. 2. Install the latest version of signcode on the machine you are using the certificate on The PVK/SPC file must be converted...
Assembly Signing Using Visual Studio Project Designer's Problem : The .pfx file cannot include certificate chaining information. (If the .pfx file does include this information, the following import error will occur: "Cannot find the certificate and private key for decryption.") Resolution : The most common problem arises when using a .pfx file that contains chaining information. You can remove chaining information from the key file by running the Certificate Manager snap-in (Certmgr...
HOW TO CONVERT PFX/P12 FILE TO SPC/PVK FORMAT EXPORT CERTIFICATE WITH PRIVATE KEY. Use the export wizard with the following options: * Export Private Key (YES) * DO NOT TICK INCLUDE ALL CERTIFICATES IN THE CERTIFICATION PATH IF POSSIBLE * TICK ENABLE STRONG PROTECTION * DO NOT TICK DELETE PRIVATE KEY PREREQUISITE: OpenSSL 0.9.8 or better. OpenSSL 1.x preferred. NOTE: If you are running Windows you may download OpenSSL here [http://www.shininglightpro.com/products/Win32OpenSSL....
Can InstallShield be set to automatically sign the project? We recommend that you consult the softwares help system or help manual for details relating to their product. However, we are aware that InstallShield 11 can be set to automatically sign the project by setting up the 'Digital Signature' option under 'Build', 'Release Wizard'. The 'Digital Signature' options area number of steps through the wizard, but the screen will look like this: For details of what to set in each field...
A pdf How-To for this process can be downloaded: https://support.comodo.com/uploaded/UsingComodoAuthenticodeCertificateforJava.pdf
From looking at the error there are two resolutions that can be recommended. The first is on the error message that you are receiving http://support.microsoft.com/default.aspx?scid=kb;en-us;246183 The above threads from Microsoft explains the cause discusses what can possibly be done to resolve it . Once this has been followed and the modifications made then reapplying for the certificate should resolve the error . The second method for resolving this is slightly simpler and more o...
If you have successfully installed your certificate, however you wish to make a backup with the private key, if you do not have full admin rights, Windows will not allow it. You must give your self access to the MachineKeys Folder: Open Microsoft Windows Explorer. Locate the "%SystemDrive%Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSAMachineKeys" (assuming you have a clean install) folder. There are several files located in this folder. Each file in this folder corre...
Changing from AT_KEYEXCHANGE (1) to AT_SIGNATURE (2) Using CertUitl from Windows Server 2003 SP1 or later you can force KeySpec to match your wishes/needs when importing a PFX (aka PKCS#12) file. The steps to follow are: Using the "Certifiates" MMC export the existing keyset (KeySpec=1) to a PFX file. Note: Please backup this file to a safe location and test if the file can be imported ok on another machine before moving on to the next step. Delete the existing certificate from the ...
Prerequisites (Must haves) * Microsoft's tool to import PVK files (For Windows 2000/XP Only!) * Your code signing certificate from Comodo (as PVK and SPC files). Install pvkimport you downloaded from Microsoft. Note: Remember the paths to where you installed it (c:\codesign\) Copy your certificate/key (mycert.spc & mykey.pvk) files to the directory where you installed 'pvkimport' Open a command-prompt and change to the folder where you installed 'pvkimport'. (c:\codesign\) Combin...
Question:     When I try to verify I signed my code correctly, SignTool reports the following error: SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Answer:     This is because of the "verify" command you may have run: signtool verify myfile.exe. If you run this command, signtool will use the Windows Driver Verification Policy. In order for your file to "verify" properly you need to inclu...
CERTIFICATE: (openssl x509) Data: Version: 3 (0x2) Serial Number: 2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af Signature Algorithm: sha384WithRSAEncryption Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority Validity Not Before: May 9 00:00:00 2013 GMT Not After : May 8 23:59:59 2028 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Code Signing CA Subject Public Key Info: Public Key Algo...
                                   CODE SIGNING (SHA-2) ROOT LEVEL: AddTrustExternalCARoot.crt TEXT PEM Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root Validity Not Before: May 30 10:48:38 2000 GMT Not After : May 30 10:48:38 2020 GMT Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External ...
HOW TO VERIFY YOUR CODE SIGNING CERTIFICATE IS INSTALLED After generating your code signing certificate, we recommend that you take a second to verify that your certificate is installed in the browser’s Certificate Store. Internet Explorer Chrome Firefox   INTERNET EXPLORER: VERIFYING YOUR CLIENT CERTIFICATE IS INSTALLED * In Internet Explorer, go to INTERNET OPTIONS. * In the INTERNET OPTIONS window, on the CONTENT tab, click CERTIFICATES. * In the CERTIFICATES window, on ...
HOW TO EXPORT YOUR CODE SIGNING CERTIFICATE After installing your code signing certificate, you may need to export the certificate for use on a different computer, for signing code, etc. Internet Explorer Chrome Firefox INTERNET EXPLORER: EXPORTING YOUR CODE SIGNING CERTIFICATE AS A PFX FILE * In Internet Explorer, go to INTERNET OPTIONS. * In the INTERNET OPTIONS window, on the CONTENT tab, click CERTIFICATES. * In the CERTIFICATES window, on the PERSONAL tab, select your c...
ISSUE: Profile Manager does not show a code signing certificate when asked to sign configuration profiles. Please try to import the intermediate certificate files manually on the IOS device through the following URLs: * Intermediate 1:https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certification-authority [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/966/108/intermediate-1-sha-2-comodo-rsa-certific...
The following error may occur when building projects for Microsoft Visual Studio 2008 - 2015. Error: "Cannot import the following key file: mykey.pfx. The key file may be password protected." Cannot import the following key file: mykey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_C1D3ACB8FBF1AGK4 SOLUTION 1: * Click Start > All Pro...
  Please use the latest version of signtool for this process. 'SIGNTOOL' available in Windows 8.1 SDK or Windows 10 SDK should be good.  * Download the Comodo cross-signed CA that matches your Code Signing certificate's Root CA. * Open an elevated Windows command prompt (cmd) and run SIGNTOOL.EXE: signtool.exe sign /v /p /ac "CROSS_SIGNED_COMODO_CA_HERE" /f YOUR_PFX_HERE /tr http://timestamp.comodoca.com/rfc3161 [http://timestamp.comodoca.com/rfc3161] "FULL_PATH_TO_FI...
1. Once the certificate is collected by your browser, export it along with its private key, "include all certificates in the certification path if possible" and "export all extended properties". The exported file will be .PFX or .P12 format. ( Refer the following articles for exporting the PFX/P12 file. ) Export Certificates (Windows) [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1004/0/export-certificates-windows] Exporting Certificates (MAC) 2. Make sure the late...
To download and install the Safenet Authentication Client software for use the COMODO EV Codesigning Certificate, perform the following steps: NOTE: The SafeNet drivers below are compatible with Microsoft Windows 8, 8.1 and 10 for both 32-bit and 64-bit systems, Mac OSX and Linux. * Unplug your EToken/Smartcard from your device (this could be your USB device or CAC card) * Right click and save the SAFENET AUTHENTICATION CLIENT file on your Microsoft Windows computer (Choose 10.3 for Wind...
Please visit: https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html#//apple_ref/doc/uid/TP40005929-CH1-SW1 [https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html#//apple_ref/doc/uid/TP40005929-CH1-SW1] CODESIGN DIGITAL SIGNATURES IN MAC OS APPLE CODE SIGNING CERTIFICATE GUIDE MAC OS X (AND 9) SIGNING CODE FROM THE COMMAND LINE Code Signing for Appl...
USE COMMAND JARSIGNER WITH THE CLI (COMMAND LINE INTERFACE) TO SIGN JAVA .JAR FILES 1. Create a file named eToken.cfg that contains the following lines, and save it to your JDK bin folder (e.g. C:Program Files (x86)Javajdk1.7.0_05bin). name=eToken library=c:WINDOWSsystem32eTPKCS11.dll 2. In Windows Explorer, navigate to the JDK folder. 3. In the JDK folder, push and hold Shift, right-click on the bin folder, and select "Open command window here". 4. To view the COMODO EV Code Signing ...
Help Desk Software by Kayako
© 2018 Comodo Security Solutions, Inc. All rights reserved.