What are CodeSign Certificates?
CodeSign certificates are used for all our binary files. To verify the CodeSign certificates are correct and up to date, the machine running the binaries (e.g. dll or exe files) requires access to specific URLs and domains.
Safelisting requirements
The Sectigo Certificate Authority advises that the exact names of CRLs and certificates can change. For this reason, we advise including the following domains in the Inclusion List:
http://crl.sectigo.com/*
http://crt.sectigo.com/*
http://ocsp.sectigo.com/*
If SSL Certificate Revocation List checking is enabled in your organization, the SnapComms Content Delivery Network (CDN) uses the following URLs, which need to be safelisted:
*digicert.com
crl*.digicert.com
ocsp.digicert.com
cacerts*.digicert.com
Testing access to the CodeSign Certificate Authority URLs
To check whether the CodeSign Certificate Authority is working, please follow these instructions:
1. Go to a signed dll or exe, right-click and select Properties.
2. Go to the Digital Signatures tab, select the SnapComms certificate and click Details.
3. In the details, click View Certificate.
4. In the certificate, go to Details and click Copy to File.
5. Follow the wizard to export as a DER certificate file, e.g. snap.cer.
6. Open a command line and CD to the folder where snap.cer is located.
7. Use "certutil -URL snap.cer" to bring up the certutil GUI.
8. On the right-hand side you will see a "Retrieve" box.
9. Use the three radio buttons to retrieve all three items: Certs, CRLs and OCSP. All of these should work instantly and succeed (verified).
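The same check can be scripted without the GUI, which helps when testing many machines. The PowerShell below is an added example, not SnapComms' own tooling; the signed file path is a placeholder and the output location is an assumption.

```powershell
# Added example. $SignedFile is a placeholder: point it at any signed
# SnapComms dll or exe on the machine being tested.
param(
    [string]$SignedFile = 'C:\Path\To\SignedFile.exe',
    [string]$CerPath    = (Join-Path $env:TEMP 'snap.cer')
)

# Steps 1-5: read the Authenticode signer certificate and export it as DER.
$sig = Get-AuthenticodeSignature -FilePath $SignedFile
if (-not $sig.SignerCertificate) {
    throw "No Authenticode signature found on $SignedFile"
}
$der = $sig.SignerCertificate.Export(
    [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($CerPath, $der)

# Show which URLs the certificate itself points at:
#   1.3.6.1.5.5.7.1.1 = Authority Information Access (CA certs and OCSP)
#   2.5.29.31         = CRL Distribution Points
$urls = foreach ($ext in $sig.SignerCertificate.Extensions) {
    if ($ext.Oid.Value -in '1.3.6.1.5.5.7.1.1', '2.5.29.31') {
        [regex]::Matches($ext.Format($true), 'https?://[^\s,)]+') |
            ForEach-Object { $_.Value }
    }
}
Write-Host 'URLs embedded in the signing certificate:'
$urls | Sort-Object -Unique | ForEach-Object { Write-Host "  $_" }

# The distinct hosts are what the proxy or firewall safelist must cover.
Write-Host 'Hosts to compare against the safelist:'
$urls | ForEach-Object { ([uri]$_).Host } | Sort-Object -Unique |
    ForEach-Object { Write-Host "  $_" }

# Steps 6-9 without the GUI: -urlfetch makes certutil retrieve the AIA
# certificates, CDP CRLs and OCSP responses and report a status for each.
certutil.exe -verify -urlfetch $CerPath
if ($LASTEXITCODE -ne 0) {
    Write-Warning "certutil returned $LASTEXITCODE; review the retrieval results above."
}
```

Run it under the same account and proxy settings the SnapComms binaries use, since retrieval results depend on the network path of the calling user.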