🥇 Activation Certum Code Signing SimplySign - SSLPOINT

Activation Certum Code Signing SimplySign

Instructions for activating a Certum Code Signing certificate in the cloud with SimplySign

SimplySign is a cloud-based service to deploy the certificate in a virtual hardware security module (HSM) due to industry requirements for private key protection.

The SimplySign desktop app makes the certificate available in your local trust store, with your mobile phone acting as the key generator (Multi-Factor Authentication).

Prerequisites

To use SimplySign you need the issued Certum certificate, a smartphone or tablet (Android / iOS), and a desktop PC with internet access

Components

The software for signing your code consists of two components:

(A) SimplySign Mobile Version (Android / iOS)
SimplySign Mobile generates the time-dependent token for logging in to SimplySign (Multi-Factor Authentication)
(B) SimplySign Desktop Version (Windows / MacOS / Linux)
SimplySign Desktop acts as a virtual cryptographic token for your Code Signing certificate.
This virtual token contains the Code Signing certificate and the private key.
The software is available for download on Certum’s website: Certum Software Download

(A) Installation SimplySign Mobile App Code Generator (Android / iOS)

The installation can only be finished after the Code Signing Certificate has been issued.

*) After successful issuance you will receive an email with the subject: “Certificate has been created”
*) You will also receive the access code for SimplySign (2 emails):
“Regaining access to the SimplySign service” and “Secret for regaining access to the SimplySign”
(1) Please install the SimplySign Mobile App for your device: Android or Apple iOS
(2) Follow the link included in the email “Regaining access to the SimplySign service” on your PC and enter the access code from the email “Secret for regaining access to the SimplySign”:

(3) A QR code is now displayed – you will need this for the installation on your mobile device:

(4) Please start the SimplySign Mobile App on your mobile device and click on “Activate application”:

(5) Click on “Other activation methods”:

(6) Click on “QR code” and scan the QR code from step 3:

(7) Select the option “Generate Token” and click on “Finish activation”:

The activation of the SimplySign Mobile App for Multi-Factor Authentication is now complete!

(B) Installation SimplySign Desktop App (Windows, Mac, Linux)

The software is available for download on Certum’s website: Certum Software Download

To register, please enter your SimplySign email address and the current SimplySign Mobile App token:
SimplySign Desktop
After successful authentication, your Certum Code Signing certificate is available in the local keystore and ready for signing.

Signing software and code

You can now sign your software, e.g.:

signtool.exe

1
signtool.exe sign /tr http://time.certum.pl /td sha256 /fd sha256 /a program.exe
signtool.exe sign /tr http://time.certum.pl /td sha256 /fd sha256 /a program.exe
If you have multiple certificates, you can select the certificate with the /n or with the /sha1 parameter:
1
signtool.exe /n "Acme Inc." sign /tr http://time.certum.pl /td sha256 /fd sha256 program.exe
signtool.exe /n "Acme Inc." sign /tr http://time.certum.pl /td sha256 /fd sha256 program.exe
1
signtool.exe /sha1 "a1b2c3d4e5a6b7c8d9e0a1b2c3d4e5a6b7c8d9e0" sign /tr http://time.certum.pl /td sha256 /fd sha256 program.exe
signtool.exe /sha1 "a1b2c3d4e5a6b7c8d9e0a1b2c3d4e5a6b7c8d9e0" sign /tr http://time.certum.pl /td sha256 /fd sha256 program.exe

Mage.exe (Manifest Generation and Editing Tool)

Please input the SHA1 thumbprint of your certificate as CertHash parameter:

1
mage.exe -Sign app.exe.manifest -Algorithm sha256RSA -CertHash a1b2c3d4e5a6b7c8d9e0a1b2c3d4e5a6b7c8d9e0 -TimeStampUri http://time.certum.pl
mage.exe -Sign app.exe.manifest -Algorithm sha256RSA -CertHash a1b2c3d4e5a6b7c8d9e0a1b2c3d4e5a6b7c8d9e0 -TimeStampUri http://time.certum.pl
Note: Please use full paths with inverted quotes

SHA1 Thumbprint

You can check the thumbprint of your certificate in the PowerShell with the following command:

1
Get-ChildItem cert:\ -Recurse -CodeSigningCert
Get-ChildItem cert:\ -Recurse -CodeSigningCert
Certum Code Signing SimplySign