Visual COBOL is typically installed on a machine which is connected to the internet. This makes it easier for the installers to access
and download any prerequisites, and that the
Visual COBOL installer validates the required certificates.
However, to install in an offline environment, an administrator with internet access must prepare by ensuring that all of
the required installers, certificates, and licenses are available to the offline machine.
Preparing and installing
- Visual Studio - an administrator with internet access needs to prepare an offline installation of Visual Studio to make available
to the offline machine. Refer to Visual Studio Subscriptions (formally known as MSDN) for instructions on this - a link to
the creation of a Visual Studio 2019 offline installer is listed below.
The following table includes the mandatory components required within an installer. (These are the component names added using
the
--add parameter.)
Component name
|
Display name
|
Microsoft.Net.Component.4.5.TargetingPack
|
.NET Framework 4.5 targeting pack
|
Microsoft.Net.Component.4.5.2.TargetingPack
|
.NET Framework 4.5.2 targeting pack
|
Microsoft.VisualStudio.Component.Debugger.JustInTime
|
Just-In-Time Debugger
|
Microsoft.VisualStudio.Component.GraphDocument
|
DGML editor
|
Microsoft.VisualStudio.Component.NuGet
|
NuGet package manager
|
Microsoft.VisualStudio.Component.DockerTools
|
Container development tools
|
Microsoft.VisualStudio.Component.VisualStudioData
|
Data sources and service references (Server Explorer)
|
The following table includes the optional components, depending on how you plan to use your COBOL development product:
Component name
|
Display name
|
Microsoft.VisualStudio.Component.Web
|
.NET Web development
|
Microsoft.VisualStudio.Component.ManagedDesktop.Core
|
.NET Desktop Development (e.g. WPF)
|
Microsoft.VisualStudio.Workload.Azure
|
Azure development
|
Microsoft.VisualStudio.Component.Wcf.Tooling
|
Windows Communication Foundation (WCF)
|
Microsoft.VisualStudio.Component.SQL.SSDT
|
SQL Server Development (e.g. SQL CLR)
|
Microsoft.VisualStudio.Workload.NetCoreTools
|
.NET development
|
Note: It is recommended that all of these components are included in the installation layout.
- Install digital certificates in the offline environment. The procedure differs depending on which binary you use:
- Binary signed with the old code signing certificate
- If the binary is signed with the old code signing certificate (expired in Aug 2021, SHA1 fingerprint d4:52:52:e5:94:de:be:a8:57:69:13:3a:ba:8f:a3:6c:a5:42:8d:99):
- Locate or download the certificates as follows:
- If you have access to an already-installed version of
Visual COBOL on the network, open the Certificate Manager on that machine, locate the two certificates referenced below in the Trusted
Root Certification Authorities folder, and export them somewhere accessible.
- If you do not have access to a working version of
Visual COBOL, you can download these certificates from the DigiCert Web site (https://www.digicert.com/digicert-root-certificates.htm)
- Install the digital certificates to the offline machine:
DigiCert Assured ID Root CA Valid until: 10/Nov/2031
Serial #: 0C:E7:E0:E5:17:D8:46:FE:8F:E5:60:FC:1B:F0:30:39
Thumbprint: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
DigiCert SHA2 Assured ID Code Signing CA Issuer: DigiCert Assured ID Root
CA
Valid until: 22/Oct/2028
Serial #: 04:09:18:1B:5F:D5:BB:66:75:53:43:B5:6F:95:50:08
Thumbprint: 92C1588E85AF2201CE7915E8538B492F605B80C6
- Download the following Certificate Revocation List files and copy them to the offline machine:
- http://crl3.digicert.com/sha2-assured-cs-g1.crl
- http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
- Binary is signed with the new certificate
- If the binary is signed with the new certificate (expires Aug 31 2024, SHA1 fingerprint F6:58:B0:F3:C7:B5:7B:72:0E:7A:92:AE:19:F6:08:90:CA:32:EB:FD):
- Locate or download the certificate files as follows:
- If you have access to an already-installed version of Visual COBOL on the network, open the Certificate Manager on that machine,
locate the two certificates reference below in the Trusted Root Certification Authorities folder, and export them somewhere
accessible.
- If you do not have access to a working version of Visual COBOL, download the following files using the provided links:
- Install the certificates to the offline machine using one of the following options:
- certlm utility
-
- Open a command prompt as administrator.
- Enter
certlm.exe.
- On the UI that appears, right click on the appropriate store and select all tasks/import.
- Browse to the certificate/crl to import.
- certutil utility
-
- Open a command prompt as administrator.
- To add a root CA certificate to the trusted root CA store, enter the following command:
certutil -addstore -f Root CACertificateFile.crt
where
CACertificateFile is the file name of the root CA certificate file.
- To add a root CA CRL to the trusted root CA store, enter:
certutil -addstore -f Root CACRLFHe.crl
where
CACRLFHe is the file name of the subordinate CA certificate file.
- To add a subordinate CA CRL to the intermediate CA store, enter:
certutil -addstore -f CA CACRLFile.crl
where
CACRLFile is the file name of the subordinate CA CRL file.
- Microsoft certificates
- The required certificates are placed in the
certificates sub-folder of the Visual Studio layout folder you created in the previous step. For more information on these, click
here.
Running the installation on the offline client machine
- Run the offline installation of Visual Studio.
- Install the certificates in the Certificate manager - the DigiCert root certificate needs to be installed in the Trusted Root
Certification Authorities folder, and the DigiCert Code Signing certificate needs to be installed in the Intermediate Certification
Authorities folder.
- Run the
Visual COBOL installation, appending the
skipmstools=1 parameter.
- License the product using the
License Administration tool.