Just a heads up to anyone using signed code. When we upgraded to 4.5.0 it broke the old method of signing code which runs as admin using a code signing cert.
The new rules that appear to be different from the old way:

You used to pick an attribute like fileversion for a registry entry to use with code signing and then you had to actually put in the data. For instance, if the file version of the executable you were trying to run was 4.5.1.2 you had to have a registry entry under fileversion with 4,5,1,2 as the data (and yes it was commas, not dots, no idea why). NOW (now being 4.5.0, haven't tried other later versions yet), well, now you have the file version entry but NO DATA. Leave it blank.

The other change is that you did not need to have the actual code signing cert installed on target machines, only the root cert. No longer. Now you must have the code signing cert installed in each user for each machine IN THEIR PERSONAL CERT STORE. Not trusted root or intermediate. The times I have installed it so far it has not gone by default into the correct store, so you must pick the store at certificate install time.

We are working at an automated install process here. I will let you guys know if we come up with one that works generally.

BTW I found neither of these points in any release notes. IF CISCO IS LURKING OUT THERE AND I AM WRONG, please tell us where these instructions are in the release notes. Also please tell your level one techs about this; the guy I talked to did not know this.

Cheers,
Dan Sichel
Network Engineer and code signing fool
Ponderosa Telephone
Remember My Sharona? Knuke the NAC!
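One way to script the per-user install described in the post, added here as an example and not taken from the post or from Cisco. It uses the .NET X509Store class from PowerShell and must run in each user's own session (for instance from a logon script); the certificate path and expected thumbprint are placeholders to replace with your own values.

```powershell
# Added example: put a code signing certificate into the current user's
# Personal ("My") store and flag copies that landed in other stores.
param(
    [string]$CertPath = 'C:\Temp\codesign-placeholder.cer',     # placeholder path (assumption)
    [string]$ExpectedThumbprint = '<EXPECTED-SHA1-THUMBPRINT>'  # placeholder value (assumption)
)

$ErrorActionPreference = 'Stop'
$storeType = 'System.Security.Cryptography.X509Certificates.X509Store'

# True if a certificate with this thumbprint is in the named CurrentUser store.
function Test-CertInStore {
    param([string]$StoreName, [string]$Thumbprint)
    $store = New-Object $storeType($StoreName, 'CurrentUser')
    $store.Open('ReadOnly')
    try {
        return [bool]($store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint })
    } finally {
        $store.Close()
    }
}

# Load the public certificate and confirm it is the one we expect
# before trusting it for anything.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
$expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch for $CertPath; refusing to import."
}

# Import into Personal ("My") explicitly instead of relying on the
# import wizard's automatic store selection.
if (-not (Test-CertInStore -StoreName 'My' -Thumbprint $cert.Thumbprint)) {
    $my = New-Object $storeType('My', 'CurrentUser')
    $my.Open('ReadWrite')
    try { $my.Add($cert) } finally { $my.Close() }
}

# 'Root' = Trusted Root CAs, 'CA' = Intermediate CAs: the stores the post
# says are the wrong place for the signing certificate.
foreach ($name in 'Root', 'CA') {
    if (Test-CertInStore -StoreName $name -Thumbprint $cert.Thumbprint) {
        Write-Warning "Signing cert also present in CurrentUser\$name; review and remove if unintended."
    }
}

if (-not (Test-CertInStore -StoreName 'My' -Thumbprint $cert.Thumbprint)) {
    throw 'Certificate is not in CurrentUser\My after import.'
}
Write-Output "Signing cert $($cert.Thumbprint) is in CurrentUser\My for $env:USERNAME."
```

Checking the thumbprint before import keeps a swapped or stale .cer file on a share from being installed on every desktop.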
