Who needs a Code Signing ID?
Any publisher who plans to distribute code or content over the Internet or over corporate extranets risks corruption and tampering
How does the Comodo Code Signing solution work?
Comodo Code Signing uses authenticated digital signatures to assure the publisher details and content integrity of downloadable code.
Is the Comodo Code Signing solution the right product for me?
Comodo Code Signing is essential if you wish to protect your reputation as an authenticated code publisher.
Does Comodo certify the content of my code?
No. We certify that the software really comes from the publisher who signed it. We also certify that the software has not been altered or corrupted.
Is Comodo Code Signing the right product for my business?
A Comodo Code Signing certificate is strongly recommended for any publisher intending to distribute code or content over the Internet or over corporate extranets. Customers are aware of the dangers involved and are far more trusting of a signed download.
A Comodo Code Signing certificate is an effective way to distribute authentic software over the Internet. It is a best-of-breed product that offers full protection, ease of use and flexible.
How long can I use my developer certificate?
Code signing certificates are valid for one or two years depending on which life cycle you choose when you purchase the certificate.
Time Stamping Server - Location and usage
In order to sign your code, you pass the code which you want to authenticate through a hashing algorithm and then use your private key to sign the hash, which results in a digital signature. You then build a signature block, which contains the digital signature and the code-signing certificate. Tools like Authenticode let you time stamp the signature block based on the current date and time that a time stamping service provider, such as Comodo, provides. Finally, you bind the time stamped signature block to the original software. Now you can publish the signed software on your Web site for download.
As part of this process you will need to know the URL of Comodo's time stamping server, which is http://timestamp.comodoca.com/authenticode.
Is time stamped code valid after a Code Signing Certificate expires?
Time stamping ensures that code will not expire when certificate expires. If your code is time stamped the digital signature is valid even though the certificate has expired. A new certificate is only necessary if you want to sign additional code. If you did not use the time stamping option during the signing, you must re-sign your code and re-send it out to your customers.
Which utility is used to verify whether the file has been time stamped?
Use the chktrust.exe utility included with the Authenticode SDK tools to verify whether the file has been time stamped. The date and time will be displayed when the file has been time stamped. "Unknown date and time" will appear when the file has NOT been time stamped.
Do code signing certificates last longer than 1 year?
Yes. It is now possible to request a 2-year code signing certificate.
Is there a limit to the amount of applications allowed to be signed with a Code Signing Certificate?
Comodo does not limit you to any specific number. You can sign as many applications with a Code Signing Certificate as you wish, provided that the applications are going to be used for and distributed by the Organization that owns the certificate.
What settings should be enabled to allow a user to receive the certificate pop-up?
- In order to receive the Certificate pop-up when the file is downloaded, you will need to enable a setting in Internet Explorer.
- The setting can be found under: Tools > Internet Options > Advanced > Scroll to the bottom of the list to 'Security'
- Make sure that the following option is checked: "Check for signatures on downloaded programs".
What type of assurance a customer obtains when downloading software signed with Authenticode?
When customer downloads software signed with Authenticode they can be assured of:
- Content Source: The software really comes from the publisher who signed it.
- Content Integrity: The software has not been altered or corrupted since it was signed.
How do I ensure that both I and my customers have the latest Microsoft roots in my certificate store?
For Windows XP, everything is Automatic, meaning well over 200 Million customers will automatically have access to all the latest certificates. For older versions of the Windows operating system, it is highly recommended that the latest root update is installed.Good security policy dictates that your root certificate store should have the most current root certificate references from all trusted certification authorities, thereby providing the widest capability to recognize trusted content. Install the latest Microsoft root certificate patch here:- Root Update