Центр по випуску EV SSL сертифікатів Geotrust geotrust.evsslcertificationcenter.com. Quick SSL, Credential for Adobe My, True Business ID EV, RapidSSL, Pover Server ID Wildcard, Український центр сертифікації сайтів та верифікації компаній Веб Траст Україна WebTrust - Ukraine
1a.Why do I need
to sign the code I send to GeoTrust?
The code you send to GeoTrust must be signed
for the following reasons. First, GeoTrust must
verify the files submitted were signed with a
certificate in
good standing. Second, GeoTrust must validate the data integrity of the file(s)
submitted. Performing a signature verification test insures the file(s) have
not been altered between the time you signed the file and the time it was
submitted to GeoTrust.
2. Why can't I just sign
my code with the token I get from GeoTrust?
The token you get from GeoTrust contains a certificate
that is recognized by GeoTrust only. This certificate
is not trusted in the Smartphone application
environment. GeoTrust uses this certificate to recognize and grant access
to your Windows Mobile Code Signing Credentials account; in addition
we insure files submitted
in your account were signed by this same certificate (Your certificate).
3. What file suffixes do
I need to sign?
.exe, .dll, .mui, .cab and .cpl files must be signed. Also, a change in Windows Mobile 5 requires you to sign resource-only DLLs.
4. How do I sign code with
my token?
You will sign your code with the signcode.exe application in the SDKs for use in mobile and embedded application development. The SDKs for Microsoft Smartphone 2003, and Windows Mobile 5.0 can be obtained by visiting the following URL: http://msdn.microsoft.com/mobility/downloads/sdks/default.aspx
5. Why does the CAB need
to be signed, too?
The CAB needs to be signed for applications to install.
6. Do I need to sign the
EXE I use for ActiveSync?
No, but the application files delivered within
the ActiveSync self-extracting bundle must be
signed if they are suffixed .exe, .dll, or .mui.
7. What if I run out of
events?
You can purchase more within your Windows Mobile Code Signing Credentials management application.
8. What if I lose my token?
If your token is lost, you must report this to GeoTrust. We will make the associated certificate unusable immediately. In addition, you must request a new certificate. Fees will apply for labor, materials, and postage associated with the new request.
9. What if I forget my
token password?
If you forget your token password you should contact GeoTrust customer support.
An email can be sent to the email address on file for the token.
10. Does GeoTrust test
my software to make sure it works and doesn't have
a virus?
No, GeoTrust does not test the software submitted for signing in your Smartphone
Credentials environment.
11. Does my GeoTrust-signed
application allow me to use Microsoft's Designed
for Windows Smartphone designation?
No. GeoTrust offers a code signing service that allows your application to
run on the Smartphone. Only a Microsoft Certified Testing Partner can grant
you the authority to use the Designed For Windows-Powered Mobile Devices logo
in your packaging and advertising. GeoTrust is not a Testing Partner; such
a service can be obtained from Veritest (http://www.veritest.com)
or QualityLogic (http://www.qualitylogic.com).
12. Someone said this is
going to cost $600 per application, is that true?
The $600 cost people are referring to here is the possible costs of having
your application receive the "Designed for Windows-Powered Mobile Devices" designation.
This process is performed by independent application testing/approval organizations
and is not related to GeoTrust.
13. What is the difference
between code signing and certification?
Code signing is a term used for generic file/application signing. In the Smartphone
environment, this would be the signing process performed on individual files
and applications by both you and GeoTrust. Certification is a term typically
used when referring to third-party validation services. In the scope of Smartphone
code signing service signup, GeoTrust validates your business identity by obtaining
and checking certain business registration documents for your company in addition
to validating individuals with your company. During the use of your service
GeoTrust continually insures files and applications have been submitted by
the validated company.
14. What if my CAB just
contains files that do not need to be signed? You can submit the .cab alone
for signing.
15. What do I do if my
software has a bug and I want to disable it from
affecting user phones?
You request from GeoTrust that the certificate used for signing be revoked.
This would render the application unusable. Please use the information below
to contact the GeoTrust Customer Support Center http://www.geotrust.com/support/index.asp
16. How does certificate
revocation work?
If a certificate that was used for an application signing has been revoked,
the serial number and other relevant information will be placed in a file used
in revocation checking. If the Smartphone environment detects a signing certificate
serial number in this file the application will not be able to install or execute.
17. When GeoTrust revokes
a certificate, does that mean my application will
stop running on the phones immediately?
This depends on the phone and carrier's configurations. If revocation checking
is configured optimally, then applications will stop running immediately. Please
check with your phone service provider.
19. What is a Signing Set
ID?
The SIGNING SET ID is an ID used to associate individual signed files to the
final signed application file which is uploaded. When uploading a file for
the first time which has not yet been associated with and application, a new
SIGNING SET ID will be assigned. You must reference this SIGNING SET ID each
time you upload another signed file which will be packaged in the same final
signed application submitted for re-signing.
20. Do I have a expiration
period before I have to upload all files related
for an application?
Yes, the time between uploading a signed application file, such as a .dll or
.exe for a new SIGNING SET and the time the final signed application is received
for re-signing (.cab), must not exceed four (4) days.
21. What is the "Application/File
Name"?
The "Application/File Name" is a name descriptor for the individual file or
final application being uploaded for re-signing.
22. What is the "Application/File
Version"?
The "Application/File Version" is the version of the individual signed file
or final signed application being uploaded for re-signing. Typically a numeric
value, i.e. 1.0
23. Do I need Comments?
No. Comments are not required, but can be helpful in identifying specific information
about an individual signed file or final signed application that has been
uploaded for re-signing.
24. How do I configure
my system to use the USB Token that contains my
signing ID?
Please refer to the installation instructions. Click
here for more information.
26. What is the size limitation for files?
Files can not exceed 8MB.
27. What if I haven’t used up all my signings before my Administrator Access certificate expires?
An auto-generated email will be sent to the email address supplied during service enrollment informing you that your Administrator certificate is about to expire. If you proceed with the instructions prior to certificate expiration, you will not need to ship your token back to GeoTrust. If you neglect to respond prior to certificate expiration, you will need to ship your token back to GeoTrust to obtain a new Administrator certificate. Processing and shipping fees will apply depending upon your address. Please note, unused signing events can not be utilized without proper access to the Smart phone signing portal.
28. Which Carriers have Smartphones? What are their security models? Click here to see which Windows Mobile-based Smartphones are shipping for use on mobile operator networks.
29. How do I obtain authorization for Privileged Microsoft Mobile to Market Root signing services?
To obtain privileged signing for Windows Mobile Smartphone platform you will need to contact Microsoft at: M2M@microsoft.com and let them know you have enrolled for GeoTrust’s Code Signing Credentials for Windows Mobile and would like to gain access to the Microsoft Privileged signing service. It is important that you first enroll for the GeoTrust Windows Mobile signing service as Microsoft will require you to submit the order ID number we assign to you.
Microsoft will supply prospective developers with instructions on how to submit an application which will be evaluated for compliance with the Microsoft Privileged Certificate Technology Requirements. Proper permission from Microsoft is required before any SmartPhone Credential’s Account can be updated and assigned Root signing access.
30. How can I sign code for the Microsoft Mobile2Market Program?
If you are participating in the Microsoft Mobile2Market program and looking to getting your applications signed, note that we support both Unprivileged and Privileged mode signing. Unprivileged signing is available for all developers through the signing portal by default. However, to access the MS Windows Mobile for Smartphone Privileged signing, you need to get pre-authorized by Microsoft after meeting certain Technology Requirements.
Please contact your Microsoft Mobile2Market contact or send an e-mail to M2M@microsoft.com alias for details and to be authorized to access the MS Privileged root. More details on operator support for Mobile2Market privileged signing is available here.
31. How do I sign my files with the signing services I have been authorized for?
First, you must signup for and obtain Smartphone Credentials. Upon doing this you will receive a hardware token with a digital certificate on it. This certificate is used to gain administrative access to your Smartphone Credentials environment as well as to digitally sign your files and applications prior to upload. Typical steps after Smartphone Credentials service setup:
a. Digitally sign .exe, .dll, .cpl, .cab and .mui files of application. This step is performed utilizing signcode.exe from Microsoft's Smartphone SDK and your certificate which has been issued by GeoTrust and is located on your token. You do not have to access your Smartphone service to perform this step.
b. Go to the SmartPhone signing portal. By default, you will have access to the Microsoft Mobile2Market (M2M) Unprivileged Root signing, that service plus any other signing service you have been authorized for will be listed in the drop down list of the signing portal. Choose the signing service you want to sign your files.
c. Upload each digitally signed file to your Smartphone Credentials service.
d. GeoTrust verifies the file(s) were submitted by you and not altered. GeoTrust then generates a code-confirmation certificate to re-sign your file. The code-confirmation certificate used here will be trusted by the Smartphone environment, allowing execution of correctly signed files.
e. Newly re-signed files will be made available to you for .cab packaging.
f. You will need to bundle all digitally re-signed files into a .cab.
g. Digitally sign the created .cab. This step is performed utilizing signcode.exe and your certificate which has been issued by GeoTrust and is located on your token. You do not have to access your Smartphone service to perform this step.
h. Upload digitally signed final application (.cab) to your Smartphone Credentials service.
i. GeoTrust verifies the .cab was submitted by you and not altered. GeoTrust then generates a code-confirmation certificate to re-sign your .cab. The code-confirmation certificate used here will be trusted by the Smartphone environment, allowing installation of correctly signed application.
32. What are the technology requirements for Microsoft privileged signings?
If you are using the Code Signing Credentials for Windows Mobile to sign code with the Microsoft Privileged certificate, your application must comply with the Microsoft Privileged Certificate Technology Requirements below. These are Microsoft’s additional requirements. Please contact the Microsoft Mobile2Market team at M2M@microsoft.com directly if you have any questions on them.
Publisher shall not:
Modify the value or function of any security policy, including without limitation, any of the security policies accessible through the Security Policy CSP
Modify any keys or name/value pairs in the following registry locations:
HKLM\Drivers
HKLM\Hardware
HKLM\Init
HKLM\Comm
HKLM\Security
HKLM\System
Modify, add, or remove any certificates in the following CAPI stores:
Privileged Execution Trust Authorities
Unprivileged Execution Trust Authorities
Software Publisher Certificate
Modify the application and certification revocation lists
Send any device configuration messages to the CM, block any device configuration messages being sent to the device, or modify the device configuration system
Access or modify the Metabase, the Metabase CSP and the underlying database
Modify or circumvent any DRM protection of any device, content, or applications
Overwrite or shadow any system files
Modify any part of the ROM image
Modify the boot sequence
Access any part of the device hardware through any means other than the APIs published in the Software Development SDK for the particular version of the MS Smartphone software.
Publisher shall only:
access and use those APIs that are listed in the Software Development Kit (“SDK”) for the particular version of Microsoft Smartphone Software (e.g., 2003, Windows Mobile 5.0, etc.);
access and use DeviceIDs and other device information only through system APIs listed in the SDK for the particular version of the Smartphone Software;
access and use file systems through the file system APIs listed in the SDK for the particular version of such Microsoft Smartphone Software.
Notwithstanding the limitations set forth in A and B above, hardware developers that are Publishers of device drivers may:
Modify the keys or name/value pairs in Modify any keys or name/value pairs in the following registry locations: HKLM\Drivers, HKLM\Hardware, HKLM\Init during the installation of a hardware device or within a device driver solely as necessary for making the hardware peripheral device functional.
Access and use any of the Smartphone Software APIs solely to the extent necessary for the development of the device driver.
Access the device hardware directly using means such as assembly code or direct memory manipulation solely to the
extent necessary to make the hardware peripheral device functional.
33. How do I obtain authorization for Nextel-Sprint Root signing services?
To obtain privileged signing for the Nextel-Sprint signing service you will first need to enroll for SmartPhone Credentials. Once enrolled, you will then need to contact Nextel at: nextel@custhelp.com.
Nextel-Sprint will supply prospective developers with instructions on how to submit an application which will be evaluated for authorization to their signing services. Proper permission from Nextel-Sprint is required before any SmartPhone Credential’s Account can be updated and assigned Root signing access. For more information on their program, visit http://developer.sprint.com.
34. Can I sign my applications for the Windows Mobile 5 operating system with your signing service?
Yes, our Code Signing Credentials for Windows Mobile will allow you to sign applications for the Windows Mobile 5 OS on both Pocket PCs and Smartphones.
издатель: Український центр сертифікації сайтів та верифікації компаній Веб Траст Україна WebTrust - Ukraine тематика: EV SSL Certification center Geotrust, Центр по випуску EV SSL сертификатов Geotrust, Центр по випуску EV SSL сертифікатів Geotrust, geotrust.evsslcertificationcenter.com Центр по випуску EV SSL сертифікатів Geotrust geotrust.evsslcertificationcenter.com. Quick SSL, Credential for Adobe My, True Business ID EV, RapidSSL, Pover Server ID Wildcard,
SSL сертификаты VeriSign GeoTrust Thawte Comodo GlobalSign TrustWave покупка SSL...