Code Signing

This forum is for general support of Xbase++
Post Reply
Message
Author
reganc
Posts: 257
Joined: Thu Jan 28, 2010 3:08 am
Location: Hersham, Surrey, UK
Contact:

Code Signing

#1 Post by reganc »

Has anyone here used Code Signing to authenticate your application exe / dlls and any updates you supply to customers?
Regan Cawkwell
Real Business Applications Ltd
http://www.rbauk.com

User avatar
Tom
Posts: 1165
Joined: Thu Jan 28, 2010 12:59 am
Location: Berlin, Germany

Re: Code Signing

#2 Post by Tom »

Yes, we do, since 2010. Symantec Code Signing.
Best regards,
Tom

"Did I offend you?"
"No."
"Okay, give me a second chance."

Koverhage
Posts: 150
Joined: Mon Feb 01, 2010 8:45 am

Re: Code Signing

#3 Post by Koverhage »

We too (our own exe and dll)
we use
UK OFFICE:
Sectigo Limited - European Office
3rd Floor Building 26
Office Village, Exchange Quay
Trafford Road
Manchester M5 3EQ
United Kingdom
+44 161 874 7070
Sales@sectigo.com
Klaus

reganc
Posts: 257
Joined: Thu Jan 28, 2010 3:08 am
Location: Hersham, Surrey, UK
Contact:

Re: Code Signing

#4 Post by reganc »

Tom wrote:Yes, we do, since 2010. Symantec Code Signing.
Do you use an OV or an EV certificate?

It looks like for our purposes an OV woould be fine.

Is the signing process itself simple?

These certification companies seem to offer pretty much the same service but at quite wildly different prices. Difficult to know which is best for your company.... :-)
Regan Cawkwell
Real Business Applications Ltd
http://www.rbauk.com

User avatar
Tom
Posts: 1165
Joined: Thu Jan 28, 2010 12:59 am
Location: Berlin, Germany

Re: Code Signing

#5 Post by Tom »

We use Microsoft Authenticode certificates from Symantec, standard edition. I renewed them about 16 month ago, next time will be in 8 month. I remember it is a little difficult - we needed to use the same computer again on which the first certificate was installed. IE/Edge are (were?) necessary for that. After the certificates were acquired, we had to export them as PFX-files. We use the "signtool" (cli) for signing the EXEs and DLLs, which is a part of windows and/or available (free) from Microsoft. Signing can be done on any computer that has the PFX and knows the keys. Acquiring the certificate is limited to one computer.
Best regards,
Tom

"Did I offend you?"
"No."
"Okay, give me a second chance."

reganc
Posts: 257
Joined: Thu Jan 28, 2010 3:08 am
Location: Hersham, Surrey, UK
Contact:

Re: Code Signing

#6 Post by reganc »

Thanks, Tom and Klaus

I kind of expected that the certificates worked like that.

I have passed the info on to my colleague, Steve, as he's the one that will ultimately decide who we get the certificate from (and pay for it :-).
Regan Cawkwell
Real Business Applications Ltd
http://www.rbauk.com

Post Reply