
How do I digitally sign AF DLLs?

Question asked by VCampus-METCO on Jul 16, 2020
Latest reply on Jul 22, 2020 by David Hearn

The information relating to digitally signing custom data references in the latest AF client is, to the non-expert, very confusing and unclear. Are there step-by-step instructions anywhere as to what I need to do to support this? I have already raised a ticket with OSI but their response was unsatisfactory and unclear, so I am hoping that real-world developers will be able to explain it more clearly.

 

The questions / thoughts I have are:

 

  • I see a link to Microsoft Authenticode signing - Microsoft Authenticode Signing Instructions. That shows that I have to download and install Windows SDK 8.1, which presumably then gives me the signtool.exe program. So this is all free, right, or at least if you have MSDN?
  • So prior to using this tool I will have obviously developed my custom DLL. What else is the prerequisite before running this command? Generate a certificate of some sort?
  • The article refers to a site http://timestamp.digicert.com. So this is only relevant when signing the DLL? When deployed to site, what if my AF Server / Clients are not connected to the internet? How would a client be able to check the validity on the time on the DLL, or does it just read from the certificate and not attempt to verify against timestamp.digicert.com?
  • Do I need to do anything in my Visual Studio environment relating to digitally signing my DLL? If so, what do I need to add/tick/fill in?
  • How do I know which algorithm to use - SHA-1, SHA-256 or none?
  • It talks about using a thumbprint - what is a thumbprint and how do I generate this?
  • How do I generate a certificate? I see mention of doing this from MMC certificates console. I also see Microsoft Authenticode Code Signing Certificate Authentication. Is this just an alternative way of generating a certificate or is it required but not documented in Tech Support? It costs $474/year. What happens after a year - does my DLL no longer work?
  • Also, if a DLL is created by one developer who then leaves, how does someone else go about making changes to it if the certificates etc. are tied to that user?

 

Sorry if this is common knowledge to a hard-core developer but to me it is complete gobbledygook and not very well documented. It would be best if OSI had a video describing the process of creating these rather than just pointing to websites and hoping that the reader can make sense of it all.
