Announcement

Collapse
No announcement yet.

Code Signing Setup Factory Program

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Code Signing Setup Factory Program

    Today, I signed my first SUF program. It has been a bit of a tough road figuring out how to do this. Once I've gone through the process it's pretty easy. It's just getting the information and sequence of events. The story (for me) went something like this:

    - You have to purchase a certificate. There are two kinds EV and OV (Organizational Validation). If it is for yourself or a small company, then the best would be an OV certificate. They are cheaper anyway. With this certificate, you will still a notice when running the SUF install program, but it says the program is signed and that is what your customer should be looking for.

    - Price of the OV certificate varies greatly. A google search will show a number of places to purchase them. Usually, it's $80 to $600 / yr. The cheaper one that I used was with Sectigo.com .

    - You have to provide phone number and government ID. For example you will have to take a picture of your driver's license and a second picture showing your face and your drivers together so they can prove it's you. They will call you on your phone.

    - Once done you have to collect your certificate. You have to use MS Internet Explorer to do this for they want to run an ActiveX control in the browser. Modern browsers like Firefox, Chrome and Edge will not work. Be sure IE has ActiveX controls enable. Perhaps you have the browser ask permission first before running the ActiveX program. They will send a link and you open the link in IE and allow the control. That sends them a key file that they use to generate your certificate. They will send you an email that you can now download your license. You HAVE to use the same MS IE browser to collect your signing certificate. Again, use the same IE will 'download' your certificate.

    - So, now you have downloaded your certificate but then where is it? It's nowhere to be found. So, you now have to follow this method given by digicert.com as to how to export the certificate to your computer. Here's the process to export the certificate to a location on your harddrive:

    https://www.digicert.com/kb/code-sig...ertificate.htm

    - After doing this, you now know where the certificate is on your harddrive...

    - Prepare your SUF installation program. Now you want to sign it. To do that you have to download a program from digicert. It is here:

    https://www.digicert.com/kb/code-sig...-sign-code.htm

    - This is a utility program that you use to sign your SUF program. Using this utility it's two clicks and you are done. Your SUF is now signed.

    Good luck and I hope you don't have to spend 3 days trying to figure out how this all works as I did.

    Rodney


  • #2
    It does not help much if you just sign the self-extracting setup. You need to sign the installer runtime and uninstaller also, which would be achieved if you follow the instructions in the product documentation regarding code signing.

    Ulrich

    Comment


    • #3
      Ulrich,

      Thank you for the note about using the certificate directly in SUF. I will look into using this technique.
      You are correct, the signing only takes care of the installation exe and not the uninstall exe. I haven't worried too much about the uninstall for it gives the following notice:

      Click image for larger version

Name:	Uninstall.jpg
Views:	83
Size:	21.1 KB
ID:	306070

      Since it has a blue header and valid Verified publisher, I have just gone with this.
      Perhaps others will get different notice depending on their security settings. It would be interesting to know.

      Rodney
      Attached Files

      Comment

      Working...
      X