IPB

Welcome Guest ( Log In | Register )

> foobar2000 Tech Support Forum Rules

Please read foobar2000 Tech Support Forum Rules before posting and comply with all the points.
Failure to provide all the information pointed out in the above document in your post is considered wasting other people's time and in extreme cases will lead to your topic getting locked without a reply.


See also: Hydrogenaudio Terms of Service.

 
Reply to this topicStart new topic
Signing foobar2000.exe and cert expiration
attachmentDownlo...
post Jan 15 2015, 22:46
Post #1





Group: Members
Posts: 7
Joined: 13-November 14
Member No.: 117803



Piotr Pawlowski's certificate will expire on 2015-03-30. But the signature on the foobar2000_v1.3.7.exe does not have a timestamp. Therefore after the certificate expires, Windows and other tools will treat the signature as invalid.

To avoid having the signature invalidated please add option "/t http://timestamp.verisign.com/scripts/timstamp.dll" when you next time invoke "signtool.exe sign". This will add Verisign's timestamp ("counter-signature") to the binary, prolonging validity of the signature until the day Verisign's cert expires, i.e. practically forewer.
Go to the top of the page
+Quote Post
kode54
post Jan 16 2015, 05:46
Post #2





Group: Admin
Posts: 4786
Joined: 15-December 02
Member No.: 4082



That requires an EV (Extended Validation) certificate. EV certificates are Serious Business.
Go to the top of the page
+Quote Post
attachmentDownlo...
post Feb 1 2015, 21:10
Post #3





Group: Members
Posts: 7
Joined: 13-November 14
Member No.: 117803



Timestamps do not require an Extended Validation certificate. Time-stamping is available to anyone, even for for people with self-signed certificates. (In fact the time-stamping server does not see who requests the timestamp.) Your linked article does not mention code signing or even Extended Validation. Also, Wikipedia article about EV certificates talks about website certificates only.

Indeed, Code Signing does need a certificate that is issued by a CA that is recognized by Microsoft. But Piotr Pawlowski already does have such certificate, you can see it by opening Properties window of the installer.
Go to the top of the page
+Quote Post
Case
post Feb 2 2015, 11:26
Post #4





Group: Developer (Donating)
Posts: 2413
Joined: 19-October 01
From: Finland
Member No.: 322



With regular StartSSL certificates timestamping doesn't work. I couldn't find any official word from StartCom on this matter but I too ran into it when I had their certificate for own use. Here's a mention of the issue.
Go to the top of the page
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 31st July 2015 - 07:18