I have code signed and time stamped my executable. Now I have users who are running personal firewalls and they report that when they start my program their firewalls issue a warning that my executable is trying to access the Internet to 126.96.36.199. I know that maps back to Cachefly, and on to usertrust.com, and I assume the OS is just authenticating my certificate but I need to explain the process to my users satisfaction. Can you provide some details for this?
Also, the internet access doesn’t seem to happen on all PC’s, any idea why?
And, last one :), I would think the OS would update its certificate database after the first time it authenticates the exe, and not repeat it every time the exe starts, no?
The PC the software is being installed on is checking for the validity of the code signing certificate using the CRL (Certificate Revocation List).
It is possible to switch off CRL checking in the browser, so that is probably why not all PCs try to access the internet.
The certificate database in the PC is not updated automatically by anything that I am aware of.
And, if its Windows the root certificate update in the updates is set as a ‘none critical’ update, so it has to be selected seperately during any update.
Thanks very much for the information. The OS is windows, typically XP or Vista, and the check for validity of the certificate is happening each time the executable is started. I guess thats expected because the certificate could expire or be revoked at any time.