tags:

views:

149

answers:

2
Q: 

Code Signing for Vista with GoDaddy Certificates

We recently purchased a Code Signing certificate from GoDaddy. Following their instructions, we were able to use the SignTool from MS and sign our installer. When installing under XP, this works great.

However, when installing under Vista, if we look at the certificate, it is saying "One of the countersignatures is not valid. The file may have been altered." and the Certificate Information shows "The timestamp signature and/or certificate could not be verified or is malformed."

This is on Vista 32-bit and 64-bit. Again, no issues in XP.

Any ideas?

A: 

I'm just guessing here, but looking at some signed code on my XP box I see that the timestamp certificate chain is distinct from the code signing certificate chain. It is possible that the roots for both chains are trusted for both purposes on XP but only one of those chains is valid on Vista.

GregS  2010-01-27 01:14:28
A: 

I'm assuming it is Kernel-Software that requires a Kernel-Mode certificate. It seems like the time stamp is optional when creating the certificate with GoDaddy. Make sure that a time stamp is included.

Robert  2010-01-27 14:56:22

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL