Installing Visual COBOL in an Offline Environment

Visual COBOL is typically installed on a machine which is connected to the internet. This makes it easier for the installers to access and download any prerequisites, and that the Visual COBOL installer validates the required certificates.

However, to install in an offline environment, an administrator with internet access must prepare by ensuring that all of the required installers, certificates, and licenses are available to the offline machine.

Preparing and installing

Visual Studio - an administrator with internet access needs to prepare an offline installation of Visual Studio to make available to the offline machine. Refer to Visual Studio Subscriptions (formally known as MSDN) for instructions on this - a link to the creation of a Visual Studio 2019 offline installer is listed below.

The following table includes the mandatory components required within an installer. (These are the component names added using the --add parameter.)

Component name	Display name
Microsoft.Net.Component.4.5.TargetingPack	.NET Framework 4.5 targeting pack
Microsoft.Net.Component.4.5.2.TargetingPack	.NET Framework 4.5.2 targeting pack
Microsoft.Net.Component.4.6.1.TargetingPack	.NET Framework 4.6.1 targeting pack
Microsoft.VisualStudio.Component.Debugger.JustInTime	Just-In-Time Debugger
Microsoft.VisualStudio.Component.GraphDocument	DGML editor
Microsoft.VisualStudio.Component.NuGet	NuGet package manager
Microsoft.VisualStudio.Component.DockerTools	Container development tools
Microsoft.VisualStudio.Component.VisualStudioData	Data sources and service references (Server Explorer)

The following table includes the optional components, depending on how you plan to use your COBOL development product:

Component name	Display name
Microsoft.VisualStudio.Component.Web	.NET Web development
Microsoft.VisualStudio.Component.ManagedDesktop.Core	.NET Desktop Development (e.g. WPF)
Microsoft.VisualStudio.Workload.Azure	Azure development
Microsoft.VisualStudio.Component.Wcf.Tooling	Windows Communication Foundation (WCF)
Microsoft.VisualStudio.Component.SQL.SSDT	SQL Server Development (e.g. SQL CLR)
Microsoft.VisualStudio.Workload.NetCoreTools	.NET Core development

Note: It is recommended that all of these components are included in the installation layout.

Install digital certificates in the offline environment. The procedure differs depending on which binary you use:
Note: For installations of Visual COBOL version 7.0 Patch Update 24, use a GlobalSign certificate instead of a DigiCert certificate. To do this, install the Globalsign certificate CA chain into the local machine store:
Root CA: https://secure.globalsign.com/cacert/codesigningrootr45.crt

Intermediate CA: https://secure.globalsign.com/cacert/gsgccr45evcodesignca2020

Download the crl from: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl
Binary signed with the old code signing certificate
If the binary is signed with the old code signing certificate (expired in Aug 2021, SHA1 fingerprint d4:52:52:e5:94:de:be:a8:57:69:13:3a:ba:8f:a3:6c:a5:42:8d:99):
1. Locate or download the certificates as follows:
  - If you have access to an already-installed version of Visual COBOL on the network, open the Certificate Manager on that machine, locate the two certificates referenced below in the Trusted Root Certification Authorities folder, and export them somewhere accessible.
  - If you do not have access to a working version of Visual COBOL, you can download these certificates from the DigiCert Web site (https://www.digicert.com/digicert-root-certificates.htm)
2. Install the digital certificates to the offline machine:
```
DigiCert Assured ID Root CA       Valid until: 10/Nov/2031 
Serial #: 0C:E7:E0:E5:17:D8:46:FE:8F:E5:60:FC:1B:F0:30:39 
Thumbprint: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 
 
DigiCert SHA2 Assured ID Code Signing CA           Issuer: DigiCert Assured ID Root 
CA 
Valid until: 22/Oct/2028 
Serial #: 04:09:18:1B:5F:D5:BB:66:75:53:43:B5:6F:95:50:08 
Thumbprint: 92C1588E85AF2201CE7915E8538B492F605B80C6 
```
3. Download the following Certificate Revocation List files and copy them to the offline machine:
  - http://crl3.digicert.com/sha2-assured-cs-g1.crl
  - http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Binary is signed with the new certificate
If the binary is signed with the new certificate (expires Aug 31 2024, SHA1 fingerprint F6:58:B0:F3:C7:B5:7B:72:0E:7A:92:AE:19:F6:08:90:CA:32:EB:FD):
1. Locate or download the certificate files as follows:
  - If you have access to an already-installed version of Visual COBOL on the network, open the Certificate Manager on that machine, locate the two certificates reference below in the Trusted Root Certification Authorities folder, and export them somewhere accessible.
  - If you do not have access to a working version of Visual COBOL, download the following files using the provided links:
    
    DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt.pem
    
    DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
    
    DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
    
    DigiCertTrustedRootG4.crt.pem
    
    DigiCertTrustedRootG4.crt
    
    DigiCertTrustedRootG4.crl
2. Install the certificates to the offline machine using one of the following options:
  certlm utility
  
  Open a command prompt as administrator.
  
  Enter certlm.exe.
  
  On the UI that appears, right click on the appropriate store and select all tasks/import.
  
  Browse to the certificate/crl to import.
  
  certutil utility
  
  Open a command prompt as administrator.
  
  To add a root CA certificate to the trusted root CA store, enter the following command:
  certutil -addstore -f Root CACertificateFile.crt
  
  where CACertificateFile is the file name of the root CA certificate file.
  
  To add a root CA CRL to the trusted root CA store, enter:
  certutil -addstore -f Root CACRLFHe.crl
  
  where CACRLFHe is the file name of the subordinate CA certificate file.
  
  To add a subordinate CA CRL to the intermediate CA store, enter:
  certutil -addstore -f CA CACRLFile.crl
  
  where CACRLFile is the file name of the subordinate CA CRL file.
Microsoft certificates

The required certificates are placed in the certificates sub-folder of the Visual Studio layout folder you created in the previous step. For more information on these, click here.

Running the installation on the offline client machine

Run the offline installation of Visual Studio.
Install the certificates in the Certificate manager - the DigiCert root certificate needs to be installed in the Trusted Root Certification Authorities folder, and the DigiCert Code Signing certificate needs to be installed in the Intermediate Certification Authorities folder.
Run the Visual COBOL installation, appending the skipmstools=1 parameter.
License the product using the License Administration tool.