技術(tech)

[Essential for Mac Users] Recovery Procedure for GlobalSign Certificate Download Failures

Introduction

  • Main purpose of this article: Explaining the recovery process for Mac users who selected the wrong certificate download method
  • Important warning: Mac users will face issues if they choose the IE-based download method
  • Technology stack: GlobalSign certificate, USB token, Safenet Client

This article details the precautions for downloading GlobalSign code signing certificates on Mac and provides recovery methods if you accidentally choose the wrong method. I’m writing based on my personal experience facing and resolving this issue.

Target Audience

  • Developers using code signing certificates on Mac
  • Those who have already mistakenly selected the IE-based download option
  • Mac users planning to download certificates in the future

Technical Background and Problems Mac Users Face

  • Code signing certificates are essential for preventing tampering and authenticating developers when distributing software
  • USB tokens are physical devices that securely store private keys
  • The pitfall for Mac users: When applying for GlobalSign certificates, you can choose between two download methods (Fortify and IE). Since IE cannot be used on Macs, you must select Fortify.

Critical Warning

Before starting, please review these important notes:

  • For Mac users (most important): When selecting the certificate download method, never choose the IE-based download option. Since Internet Explorer is not available on Mac, always choose the Fortify method.
  • If you mistakenly selected the IE method: Simply get a Windows device. You can purchase an inexpensive one for around $40. There are also options to run Windows in a virtual environment, though the author has not tested this approach.
  • Certificate download password: Remember to store the password you set during the application process.

Recovery Steps for Those Who Made the Wrong Selection

Recovery procedure based on personal experience

Since IE cannot be used on Macs, if you accidentally chose the IE-based download method, you’ll be unable to download your certificate. Here’s how to handle this situation:

Correct Procedure for Mac Users Before Downloading Certificates

If you’re about to download your certificate, follow these correct steps:

1. Apply for a Signing Certificate (Skip if Already Applied)

  1. Visit the GlobalSign official website (https://www.globalsign.com/).
  2. Log in to your account and apply for a signing certificate.
  3. Important: Set a certificate download password and store it in a safe place.
  4. Critical: Select the "Install using Fortify" option.
    • Do not select the "Install using Internet Explorer" option!

2. Receive the Certificate and USB Token

  1. You’ll receive an email from GlobalSign when your certificate is ready.
  2. The USB token will arrive by mail (usually around the same time as the certificate preparation email).
  3. Save the information in the email (especially the certificate download link).

3. Install the Safenet Client Tool

You’ll need dedicated software to use the USB token.

  1. Download the Safenet Client tool from the manual link in the email.
  2. Install the Mac version of the Safenet Client.

4. Initialize the USB Token

  1. Insert the USB token into your Mac’s USB port.
  2. Launch the Safenet Client tool and initialize the token.
  3. Set a PIN code for the token and make note of it.

5. Download the Certificate – Mac Users Must Select Fortify

  1. Access the certificate retrieval URL mentioned in the email.
  2. Enter the certificate download password you set during the application.
  3. Select the USB token as the destination for the certificate and enter the PIN.
  4. Confirm that the certificate download and storage are complete.

Summary

  • Essential rule for Mac users: Always select the "Fortify method" when downloading certificates
  • If you made the wrong selection: Prepare a Windows environment or contact support
  • Important information like PIN codes: Store them securely but accessibly
  • If you encounter problems: Contact GlobalSign support immediately

Certificates and USB tokens are crucial security elements. Manage them properly to ensure a smooth code signing process.

Have you encountered similar issues? I’d love to hear about your experiences and solutions in the comments.

References