What are CodeSign Certificates?

CodeSign certificates are used for all our binary files. To verify the CodeSign certificates are correct and up to date, the machine running the binaries (e.g. dll or exe files) requires access to specific URLs and domains.

Safe listing requirements

The Sectigo Certificate Authority further advise that exact names of CRLs and certificates can change. Due to this we advise to include the following domains to the Inclusion List:

http://crl.sectigo.com/*
http://crt.sectigo.com/*
http://ocsp.sectigo.com/*

Testing access to the CodeSign Certificate Authority URL's

To check whether CodeSign Certificate Authority is working please follow these instructions:

1. Go to a signed dll or exe, right click and select properties.

2. Go to the Digital Signatures tab, select the SnapComms certificate and click details.

3. In the details click View Certificate



4. ​​​​In the certificate go to details and click Copy to File

5. Follow the wizard to export as DER certificate file, e.g. snap.cer



6. Open a command line and CD to the folder where snap.cer is located

7. Use "certutil -URL snap.cer" to bring up the certutil GUI



8. On the right hand side  you will see a "Retrieve" box

9. Use the three radio buttons to retrieve all the three different items: Certs, CRLS and OCSP. All of these should work instantly and succeed (verified).