7

My boss has procured a certificate from Comodo and I've been breaking myself against walls of text trying to find the solution to the problem of getting the certificate into a VB6 application. The certificate itself is in VB6 format and I know like next to nothing about this type of thing. The people at Comodo were just OH so helpful (From my boss, they said he can find something on the internet. Apparently they don't know how big the internet is -.-)

Does signing the project require putting code into the program, or is it just the .exe that gets signed by the MS Authenticode executable files?

Does anyone have like an idiot's step-by-step guide solution for this?

Thanks in advance.

Will
  • You need to sign the executable, not the project. If there is a setup, that should also be signed. We use a different certificate company, but perhaps the following will help: "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe" sign /t http://timestamp.digicert.com /a "C:\Users\Ron\Dropbox\EZIAP\CNIP\bin\Release\EZIAP.exe" – ron tornambe Dec 20 '12 at 21:49
  • Okay, that's... something but back up a step. I see the .exe you're signing but I don't see the certificate. Does it sign it automatically if you have added the certificate to your own machine? By which I mean when you double click the certificate and put in the password for it and then everything goes okay. (I really don't know very much about this stuff) – Will Dec 20 '12 at 23:35
  • I don't really know much either, I just sort of stumbled through it. You definitely need to have the certificate on your PC. My guess is that a security handshake is taking place. Try just substituting your paths for the signtool.exe and the executable and see if it takes. I just use the cmd shell to execute the signtool. – ron tornambe Dec 21 '12 at 00:34

1 Answer

5

Here is a snippet from our build scripts

set signtool=C:\{cert_path}\signtool.exe sign /f C:\{cert_path}\my_code_sign_current.p12 /p ###### /du "http://mycompany.com" /t "http://timestamp.comodoca.com/authenticode"
%signtool% /d "My Application 1.0" "C:\{binn_path}\App.exe"
%signtool% /d "My Other App 2.0" "C:\{binn_path}\Other.exe"
...

We use an older version of signtool.exe (6.0.4002.0) because we had trouble using some timestamping servers with newer versions (http://www.startssl.com/timestamp).

Note: .pfx and .p12 files -- these are the same PKCS #12 container files, DER encoded

wqw
  • It worked like a charm. I put it into a .bat file instead of whatever you did there, but it did the trick. Marked as answered, thanks a million. – Will Dec 23 '12 at 01:14
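
An added example, not part of the original answer or comments: a .bat wrapper around the same signtool call that takes the PKCS #12 password from the environment instead of storing it in the script, stops on the first failure, and checks each signature with signtool verify. The paths and the CODESIGN_PFX_PASSWORD variable name are assumptions.

```batch
@echo off
setlocal
rem Added example, not from the original post. The paths below and the
rem CODESIGN_PFX_PASSWORD variable name are assumptions; adjust them.
set "SIGNTOOL=C:\path\to\signtool.exe"
set "PFX=C:\path\to\my_code_sign_current.p12"
set "TIMESTAMP_URL=http://timestamp.comodoca.com/authenticode"

rem Keep the .p12 password out of the script and out of source control:
rem the build account sets it in its environment before calling this file.
if not defined CODESIGN_PFX_PASSWORD (
    echo CODESIGN_PFX_PASSWORD is not set 1>&2
    exit /b 2
)
if "%~1"=="" (
    echo usage: %~nx0 file.exe [more files] 1>&2
    exit /b 2
)

:next
if "%~1"=="" goto done
rem Sign with the certificate file and timestamp the signature.
"%SIGNTOOL%" sign /f "%PFX%" /p "%CODESIGN_PFX_PASSWORD%" /t "%TIMESTAMP_URL%" "%~1"
if errorlevel 1 (
    echo signing failed: %~1 1>&2
    exit /b 1
)
rem /pa verifies against the Authenticode policy; /v prints the signer
rem chain and the timestamp so the build log records what was applied.
"%SIGNTOOL%" verify /pa /v "%~1"
if errorlevel 1 (
    echo verification failed: %~1 1>&2
    exit /b 1
)
shift
goto next

:done
echo all files signed and verified
exit /b 0
```

If the certificate has been imported into the Windows certificate store, /a (as in the first comment) can replace /f and /p, so no password reaches the command line at all.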