Certum Cloud CODE signing - FAQ
Information on signing SW using CODE Signing certificates secured via of the SSLmentor project.
SimplySign App on another mobile phone
If you need to change your mobile phone for the SimplySign App, you need to ask CA Certum (contact) for a new QR code to activate the app.
"If you want to change the device that you have installed it on, please contact us so we can send you a QR code for this process."
Can I have SimplySign App on multiple phones?
Yes, we have tested and use the SimplySign app on 2 mobile phones. If you save the activation QR code safely, you can use it to activate SimplySign on another mobile phone as well. Please note that the activation QR code allows full access to your CODE certificate and must be stored safely!
QR code to activate SimplySign is not displayed
The SimplySign activation QR code is displayed after successfully entering the password sent. If you do not see the QR code, try a different browser. For example Edge or FireFox. You may have some extensions in your browser that prevent the QR code from being displayed.
Is it possible to have the certificate connected non-stop?
No, it is not possible. SimplySign Desktop has an active connection established for 2 hours. A new token must then be generated in SimplySign. It is possible to sign an unlimited number of codes during an active connection.
Can I get a CODE certificate as an individual person?
Yes, it is possible. Requesting a certificate for a private person requires proof of identity and proof of address from the certificate details. The address can be documented, for example, by an invoice for energy, a telephone, or an official confirmation of the address in the document.
What is the difference between a PFX file and a cloud certificate?
From the summer of 2023, it is not possible to issue exportable CODE certificates and it is therefore no longer possible to have a certificate in an encrypted PFX file. Certum Cloud Code Signing certificate connects to PC using SimplySign Desktop an application that emulates a crypto card with a certificate located in the cloud. Changing the location of the certificate requires developers to modify their software signing workflow. Sometimes more complicated signings can take longer, but we have overwhelmingly received positive feedback on the new way of signing.
Can I sign my applications with ClickOnce?
YES. ClickOnce allows you to create auto-updating Windows applications. In case SimplySign Desktop is not actively connected to the certificate, the login window for inserting the token from SimplySign App is activated and after successful connection, signing is started.
Can I use the CODE certificate with CI/CD tools?
CI/CD tools help developers quickly build, test, and deploy application updates through automated channels. Before ordering a CODE signing certificate from CA Certum, it is necessary to consider the deployment procedures and whether the "restriction" of the length of the 2-hour window is sufficient for signing. We always recommend going through the entire signing workflow and then deciding whether to buy the certificate. Unfortunately, a CODE certificate for testing cannot be provided.
SignTool Error: No certificates were found that met all the given criteria
An error that occurs exceptionally for some customers with SimplySign Desktop version 9.1.8.61 (December 2023) installed.
The solution is to install using a file with the .MSI extension.
SignTool Error: Specify the RFC 3161 timestamp server's URL instead with /tr
Dual-sign SHA256 and SHA1 with time server http://time.certum.pl/ ends with an error "SignTool Error: The /t option is incompatible with the /as option" and "SignTool Error: Specify the RFC 3161 timestamp server's URL instead with /tr".
Based on customer experience, DigiCert's time server works for dual-sign signing http://timestamp.digicert.com/.
sign /n "CODE cert" /t http://timestamp.digicert.com/ /fd sha1 /v test.exe
sign /n "CODE cert" /tr http://timestamp.digicert.com /fd sha256 /as /v test.exe
SHA2 support in Windows operating system
Microsoft has started the migration and update process to support SHA-2 since 2019.
It publishes an overview of the information on the page SHA-2 Code Signing Support requirement for Windows and WSUS.
Back to Help
Found an error or don't understand something? Write us!
