What is the reason to not go with Azure Trusted Signing? Besides if you are outside of North America at the moment.
It seems like the obvious route, so I am wondering if I am missing some drawback or benefit with doing it the old way.
I’m not in America, and it is galling that someone somewhere thinks
that America = {the only place worthy of support}
If you have access to it, Azure Trusted Signing is 100% the way to go. It is both cheaper and easier. I’d recommend nothing else.
While I agree with you, it’s not uncommon for businesses to launch in their own region first and expand. I believe that’s Microsoft’s intention here too. In addition, things like the DMA have made businesses take a good long look at whether or not it’s practical to bring a feature to the EU. I’m not suggesting that the DMA would have anything to do with ATS, just using it as an example of the changes that have made the EU a tougher market to deal with.
They’re happy enough to promote access to Azure for storage and scalable SAAS worldwide. Seems odd all the same.
Thom,
What kind of account do you have with Azure? Basic? Pay-as-you-go?
This is weird. I’m certain I responded to this already, but I see nothing here. Anyway, I have a pay-as-you-go account. I don’t use any other Azure services.
Re: Microsoft “Smart” Screen - I’m finding with my OV (regular) certificate, my built apps are triggering these warnings. When this happens, there is a way to submit a request to Microsoft to remove the block.
So while there is a process to appeal the “smart” screen problem, at best it’s taking Microsoft at least a week to deal with it, and at worst they aren’t actually fixing it even though they claim to.
If you are selling software from a web store, this isn’t an acceptable delay.
I’ve had an OV cert for years. Now and then I hear of the Smartscreen warning, and other virus checkers that implement their own ‘reputation’ check. (Who do they think they are???)
Anyhoo. I’ve bought through SSL.com, and the validation took a couple of days. Quite smooth really.
The next hurdles, in order, will be:
- getting the Yubikey via International deliveries. (Int delivery is awful)
- working out how to activate it, and use it from the various guides.
Also oddly, I bought a Yubikey, but they appear to have set me up with eSigner too, which seems to be a cloud-based ‘pay per usage’ service.
I didn’t ask for it, (and have less idea how to use that, or whether using it might actually invalidate the Yubikey), but I’m awaiting more info there.
Contact them and tell them to remove it. They did the same to me. They charge a monthly fee for that and a massive fee of $10 per file signed. They add it hoping you won’t notice.
It should be ready to go when it arrives. My suggestion would be to formulate your slightly new codesign command before trying to automate the password entry. Once you can sign files successfully, switch sign tools to the one where you can inject the password.
I had to cancel the eSigner as well. They sent me an invoice for Month #2 and I was like “What… what is this?” They didn’t have any cards for recurring billing, so it thankfully didn’t become a situation. Never used it, never paid for it.
Exactly.
I had to contact them and they stated it is included and up to the customer to cancel.
Hello,
I received my certificates for the Yubikey, but when I tried to sign with “.\signtool sign /sha1 etc…”, I get an error:
SignTool Error: No certificates were found that met all the given criteria.
In certmgr, I see my certificate.
Where is the mistake??
My key arrives tomorrow. If I see the issue or get the same problem, I will let you know!
The identifier that you passed didn’t match a certificate that Windows could find. (Signtool couldn’t figure out which certificate to sign with.)
Are the token drivers installed?
Can you see the certificate details in the YubiKey Manager?
Did you pass the “Subject name” from the certificate with /n?
I don’t understand, sorry.
Do you mean in “Yubico Manager” → “Applications” → “PIV” → “Certificates” → “Authentications” ?
I tried this but I have the same result.
Thanks.
I had a few exchanges with SSL, who asked me to uninstall the certificate, the Yubikey manager, the Yubikey mini driver, and reinstall everything.
But I always had the same error.
I shared my screen with someone from SSL, and after a while, they asked me to use the “signtool” command from the x86 folder instead of the x64 folder I had initially chosen, and IT WORKED!
SignTool Error: No certificates were found that met all the given criteria.
Yup.
I’m getting the same. I am using the x86 folder version. Time to call SSL.com
My understanding was to use the version that matches the platform you are on. My physical Windows 11 machine works correctly using the \x64\ signtool.
If you are using a VM, double check maybe the ARM signtool?
(wild guess, I’m not sure what Mac you have)
Yeah, tried that too.
Certmgr shows I have no certs under Personal, although the Yubikey manager app sees the stick and reports the serial number (which SSL says means that the certificate is installed)
Rebooting at the moment
Jeff, I’ll reach out directly so we can go back and forth on this.
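The checks discussed in this thread for "No certificates were found that met all the given criteria" (does Windows see the certificate, is the token's private key linked, does the /sha1 value match) can be run in one pass. This is an added example, not code from any poster or from SSL.com; `Test-SigningCandidate` is a hypothetical helper name and the thumbprint is a constructed placeholder.

```powershell
# Added example: report why each certificate in the store would or would not
# satisfy signtool's selection criteria. Test-SigningCandidate is a
# hypothetical helper name, not a built-in cmdlet.
function Test-SigningCandidate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,   # the value passed to /sha1
        [string] $StorePath = 'Cert:\CurrentUser\My'   # user "My" store, signtool's default
    )
    # Keep hex digits only: drops spaces and invisible characters picked up
    # when the thumbprint is copied out of a certificate dialog.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($wanted.Length -ne 40) {
        Write-Warning "Thumbprint has $($wanted.Length) hex digits after cleanup; SHA-1 needs 40."
    }
    $codeSigningOid = '1.3.6.1.5.5.7.3.3'              # Code Signing EKU
    $now   = Get-Date
    $certs = @(Get-ChildItem -Path $StorePath)
    if ($certs.Count -eq 0) {
        Write-Warning "$StorePath is empty: the token's certificate has not reached the Windows store."
        return
    }
    foreach ($c in $certs) {
        $problems = @()
        # An empty EKU list means "all purposes", so only flag a non-empty list.
        $ekus = @($c.EnhancedKeyUsageList | ForEach-Object ObjectId)
        if ($c.Thumbprint -ne $wanted) { $problems += 'thumbprint differs from /sha1 value' }
        if (-not $c.HasPrivateKey)     { $problems += 'no private key linked (token or minidriver not seen)' }
        if ($ekus.Count -gt 0 -and $ekus -notcontains $codeSigningOid) {
            $problems += 'Code Signing EKU missing'
        }
        if ($now -lt $c.NotBefore -or $now -gt $c.NotAfter) { $problems += 'outside validity period' }
        [pscustomobject]@{
            Subject    = $c.Subject
            Thumbprint = $c.Thumbprint
            Usable     = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        }
    }
}

# Constructed placeholder thumbprint; replace with your certificate's value.
Test-SigningCandidate -Thumbprint '00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33' |
    Format-List
```

Run it with the token plugged in. Adding `/debug` to the `signtool sign` command also makes signtool print which of its filters removed each certificate.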