Codesigning : Part 1 : The Request: Difference between revisions

From DataFlex Wiki
m
Added to Tutorials category
mNo edit summary
m (Added to Tutorials category)
 
(8 intermediate revisions by 2 users not shown)
Line 4: Line 4:
For the record I also provide certificates for a number of my clients, so have gone through this a number of times.
For the record I also provide certificates for a number of my clients, so have gone through this a number of times.


If you're looking for a recommendation on who to use? From my point of view they are all bad, choose the cheapest, you are in the market of selling bits and bytes and they all provide the same bits and bytes. The main difference is the certificate chain you get to use and the associated trust that they claim that this will provide (according to the <s>snake oil vendor</s> Certificate Authority).
=== Who to use? ===
The sales item you sometimes see where they talk about how high the insurance is, is bogus as there is literally nobody ever who has been able to claim such an insurance.


For a codesign certificate you have to go through a process with the supplier of the certificate where you can proof you are who you are.
If you're looking for a recommendation on who to use?
 
From my point of view they are all bad (or good depending on your point of view), choose the cheapest, or where you get the best service.
 
You are in the market of buying bits and bytes and they all provide the same bits and bytes.
 
The main difference is the certificate chain you get to use and the associated trust that they claim that this will provide (according to the <s>snake oil vendor</s> Certificate Authority).
The sales item you sometimes see where they talk about how high the warranty is? It's bogus as there is literally nobody ever who has been able to claim such an insurance. [https://www.troyhunt.com/extended-validation-certificates-are-dead/ 1] [https://scotthelme.co.uk/do-ssl-warranties-protect-you-as-much-as-rocks-keep-tigers-away/ 2]
 
For a codesign certificate you have to go through a process with the supplier of the certificate where you can prove you are who you are.
If you're a company, then they will want something like a recent chamber of commerce abstract or a Dun and Bradstreet (DUNS) number.
If you're a company, then they will want something like a recent chamber of commerce abstract or a Dun and Bradstreet (DUNS) number.
They might also try to contact you on a phone number that you have to provide.
They might also try to contact you on a phone number that you have to provide.


Now the main thing they really need is a so called a "code signing request" file, or a .csr file.
Now the main thing they really need is a so called a "certificate signing request" file, or a .csr file.
There are two main ways of getting this.
There are two main ways of getting this.


=== Creating a CSR via a browser ===
=== Creating a CSR via a browser ===


This is a bit of a weird process as not all browsers are supported and even when the Certificate Authority (CA) website say things like "Firefox is supported".. well that is history already as the old keygen interface most of the Certificate Authorities depend on [https://www.fxsitecompat.dev/en-CA/docs/2019/keygen-support-has-been-dropped/ has been removed] and they do not yet support the new WebCrypto functionality provided by all modern browsers. [https://textslashplain.com/2020/01/19/retiring-internet-explorer/ 1] So utterly confusing.  
This is a bit of a weird process as not all browsers are supported and even when the Certificate Authority (CA) website say things like "Firefox is supported".. well that is history already as the old keygen interface most of the Certificate Authorities depend on [https://www.fxsitecompat.dev/en-CA/docs/2019/keygen-support-has-been-dropped/ has been removed] and they do not yet support the new WebCrypto functionality provided by all modern browsers. [https://textslashplain.com/2020/01/19/retiring-internet-explorer/ 3] So utterly confusing.  


The only one that does work, AFAICT on January 2020, is ... Internet Explorer.
The only one that does work, AFAICT on January 2020, is ... Internet Explorer.
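Review bot: the rewritten warranty paragraph mixes its terms. The sentence now opens with "how high the warranty is" but still ends with "claim such an insurance", so pick one term (the second linked article's URL uses "warranties") and use it throughout. The CSR sentence corrects the name to "certificate signing request" but keeps the doubled article in "a so called a"; drop the second "a" while the line is being touched. The inline link labels 1, 2 and 3 are typed by hand, so they need renumbering whenever a link is added or moved, as happened here with the browser citation going from 1 to 3.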
Line 84: Line 92:


Do not put a challenge password here.
Do not put a challenge password here.
to be continued soon...
=== External links ===
1. https://www.troyhunt.com/extended-validation-certificates-are-dead/
2. https://scotthelme.co.uk/do-ssl-warranties-protect-you-as-much-as-rocks-keep-tigers-away/
3. https://textslashplain.com/2020/01/19/retiring-internet-explorer/
[[Category:Development Tools]]
[[Category:How To]]
[[Category:Tutorials]]
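Review bot: the new External links entries are typed as "1.", "2.", "3." on consecutive lines with no list markup, and in wikitext consecutive lines without a list marker run together into one paragraph; start each line with "#" so they render as a numbered list. All three URLs already appear as inline links in the body, so the section adds something only if each entry carries a title next to the bare URL. Removing "to be continued soon..." leaves "Do not put a challenge password here." as the last line of the tutorial with nothing telling the reader where it continues; if a Part 2 page exists, link it here.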
