So I got a customer who requested a new code sign certificate from CheapSSLSecurity.
It was a hard time getting the right kind of file from it, but I still cannot figure out how to make use of it. All the online help is about installing the certificate via Browser on a Windows machine, demanding the use of IE at some places.
I still cannot figure out how to retrieve the password necessary for using ExeWrapper. The request was started with their online tool, and apparently there was no PW entry involved. Instead, I received private and public key which will not install, and their support never answers the question how to retrieve the password.
Has anyone been lucky with that provider? I am really confused about the files â never had such problems before; even for this client with their previous certificate. Someone who could assist me here?
SSL Certiticates do not always need to have a password. Is it possible your does not? Another idea: perhaps they sold you the wrong type (code-signing certificates are special).
Hereâs a copy of a âhow toâ which I wrote, which describes how to do it (using IE11). These instructions assume you are using the Windows SDK and signtool, but I think if you make it through Step 2, you should have a PFX file that would be usable with ExeWrapper?
Retrieve your code-signing certificate from your vendor once it is ready. Important: use IE11 for this step and download your certificate on the same computer you will use for code-signing.
Save the certificate and private key as a PFX format by following these steps in IE11:
Open IE11 on the same computer where you downloaded your certificate.
From the Tools menu, choose Internet Options.
On the Content tab, click the Certificates button.
Select the code-signing certificate you just purchased and downloaded (note: there may be several certificates in the list, be sure to choose the correct one).
Click the Export button.
Choose âYes, export the private keyâ.
Choose âPKCS#12.PFXâ as the kind.
Check the box for âInclude all certificates in the certification path if possibleâ.
Create a certificate password (and remember it for later).
And did they get a Codesign certificate, or an âSSLâ one? because SSL isnt any good for this, and is the default type which site assumes you wantâŠ
I believe it is possible to get a pfx without a password, if thatâs the case you can likely leave the password field in ExeWrapper empty.
I got my certificate in a password protected pfx format from a different provider, Iâm sorry I donât have much more help to offer. I canât recommend this provider anymore because they stopped offering indie-dev friendly pricing.
I need to be renewing my certificate soon, so Iâll be shopping for providers when my eyes recover a little more. With ExeWrapper being in the Omegabundle, I went back into the Microsoft docs for code signing to try to help someone; only to discover theyâve pretty much removed everything about non-EV and non-driver signing.
Windows 11 has me concerned about the future of code signing with non-EV certificates. I wish I had more to tell you, but for now itâs just âTim is concerned.â
Thanks all. Possibly the error was not using IE11 on clientâs side when downloading the certificate. Hope they can fix it.
Is it only me who considers certificate handling on Windows to be really challenging?
Thanks all for your responses. Turned out the customer could not access his original computer anymore, so we are going for another attempt. This time with kSoftware. Which sent an irritating response when we were asking if there could be any troubles exporting to PFX:
an EV level certificate might not be what youâre after then. They are delivered on a token that has to be accessed that way only (no PFX export). The OV level certificate however, does offer that option.
I remember we had an EV certificate in the past, and I read on another thread here kSoftware would be totally fine. Can anyone confirm their response, should we look for another supplier or has something changed regarding EV certs?
