2016/12/17

It's that time again (code signing certificates)

As I said in a previous post, code signing annoys me these years like networks did many years ago. I've just had to renew my Comodo code signing certificate, and as usual K-Software (a Comodo reseller) made it as painless as possible.

The process has not changed, but the graphical interface of Firefox has. So, for my own future self and for others in my position now, here's how it is done.

Once you have ordered the certificate from K-Software, and they have worked their magic in the case of any hiccups with Comodo, you'll get an email from Comodo, something like this:


Click on the link in the email and the next thing you'll see is a web page on the Comodo site which asks you to enter your collection code. If all has worked well the collection code will appear in the web page automatically:


Click on the Collect Certificate button and the next screen you see should be like this:





The phrase about backing up the private key is a bit misleading if you intend to use the certificate to digitally sign your executable file. "Backing up" the certificate actually creates the file you'll use to do the code signing. So it is not really just a backup, it is central to the reason I bought the certificate.

You can see the certificate you have just collected by doing this (in Firefox):



And then selecting the certificate you want to view as shown below. Note that you can assure yourself that it is a SHA256 certificate by going into the details tab, also shown below.


Remember that you save the pfx/p12 file by "backing it up" as shown below:

So if you've managed to save the file, you can now use it to sign your executable programs.
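The same checks can be made on the exported file from the command line before you use it for signing. This is an added example, not part of the original post: it assumes the `openssl` command-line tool is installed, and the function names `check_codesign_p12` and `make_demo_p12` and the `P12_PASS` environment variable are names chosen here for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Checks the leaf certificate in
# an exported .p12/.pfx. The password is read from $P12_PASS so it never shows
# up in the process list. Returns 0 = OK, 1 = a check failed, 2 = unreadable.
check_codesign_p12() {
    p12=$1
    # -clcerts -nokeys: emit only the leaf certificate, never the private key.
    # (OpenSSL 3 may need -legacy for files exported with older ciphers.)
    cert=$(openssl pkcs12 -in "$p12" -clcerts -nokeys -passin env:P12_PASS 2>/dev/null) || {
        echo "unreadable: $p12 (wrong password or not PKCS#12)" >&2
        return 2
    }
    text=$(printf '%s\n' "$cert" | openssl x509 -noout -text) || return 2
    rc=0
    if printf '%s\n' "$text" | grep -qi 'Signature Algorithm:.*sha256'; then
        echo "ok: signed with SHA-256"
    else
        echo "FAIL: signature algorithm is not SHA-256"; rc=1
    fi
    if printf '%s\n' "$text" | grep -q 'Code Signing'; then
        echo "ok: Extended Key Usage includes Code Signing"
    else
        echo "FAIL: no Code Signing extended key usage"; rc=1
    fi
    # -checkend 0 succeeds only if the certificate has not yet expired.
    if printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "ok: not expired"
    else
        echo "FAIL: certificate has expired"; rc=1
    fi
    return $rc
}

# Constructed sample input: a throwaway self-signed certificate in DIR/demo.p12.
# $1 = directory, $2 = extendedKeyUsage to request (codeSigning, serverAuth, ...).
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 -subj "/CN=demo" \
        -addext "extendedKeyUsage=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/demo.p12" -passout env:P12_PASS
}

# Run against a real export:  P12_PASS='...' sh check_p12.sh mycert.p12
if [ "$#" -ge 1 ]; then check_codesign_p12 "$1"; fi
```

The exported file contains the private key, so keep it and its password out of source control and shared folders.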

Signing does not guarantee anything to the person downloading your file; it only gets rid of the big red warning message when they download it. But that warning message could mean a lost sale...







