Installing Visual COBOL in an Offline Environment

Visual COBOL is typically installed on a machine which is connected to the internet. This makes it easier for the installers to access and download any prerequisites, and that the Visual COBOL installer validates the required certificates.

However, to install in an offline environment, an administrator with internet access must prepare by ensuring that all of the required installers, certificates, and licenses are available to the offline machine.

Preparing and installing

  1. Visual Studio - an administrator with internet access needs to prepare an offline installation of Visual Studio to make available to the offline machine. Refer to Visual Studio Subscriptions (formally known as MSDN) for instructions on this - a link to the creation of a Visual Studio 2019 offline installer is listed below.

    The following table includes the mandatory components required within an installer. (These are the component names added using the --add parameter.)

    Component name Display name
    Microsoft.Net.Component.4.5.TargetingPack .NET Framework 4.5 targeting pack
    Microsoft.Net.Component.4.5.2.TargetingPack .NET Framework 4.5.2 targeting pack
    Microsoft.VisualStudio.Component.Debugger.JustInTime Just-In-Time Debugger
    Microsoft.VisualStudio.Component.GraphDocument DGML editor
    Microsoft.VisualStudio.Component.NuGet NuGet package manager
    Microsoft.VisualStudio.Component.DockerTools Container development tools
    Microsoft.VisualStudio.Component.VisualStudioData Data sources and service references (Server Explorer)

    The following table includes the optional components, depending on how you plan to use your COBOL development product:

    Component name Display name
    Microsoft.VisualStudio.Component.Web .NET Web development
    Microsoft.VisualStudio.Component.ManagedDesktop.Core .NET Desktop Development (e.g. WPF)
    Microsoft.VisualStudio.Workload.Azure Azure development
    Microsoft.VisualStudio.Component.Wcf.Tooling Windows Communication Foundation (WCF)
    Microsoft.VisualStudio.Component.SQL.SSDT SQL Server Development (e.g. SQL CLR)
    Microsoft.VisualStudio.Workload.NetCoreTools .NET development
    Note: It is recommended that all of these components are included in the installation layout.
  2. Install digital certificates in the offline environment. The procedure differs depending on which binary you use:
    Note: For installations of Visual COBOL version 9.0 Patch Updates 6, 7, and 8, use a GlobalSign certificate instead of a DigiCert certificate. To do this, install the Globalsign certificate CA chain into the local machine store:

    Root CA: https://secure.globalsign.com/cacert/codesigningrootr45.crt

    Intermediate CA: https://secure.globalsign.com/cacert/gsgccr45evcodesignca2020

    Download the crl from: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl

    Binary signed with the old code signing certificate
    If the binary is signed with the old code signing certificate (expired in Aug 2021, SHA1 fingerprint d4:52:52:e5:94:de:be:a8:57:69:13:3a:ba:8f:a3:6c:a5:42:8d:99):
    1. Locate or download the certificates as follows:
      • If you have access to an already-installed version of Visual COBOL on the network, open the Certificate Manager on that machine, locate the two certificates referenced below in the Trusted Root Certification Authorities folder, and export them somewhere accessible.
      • If you do not have access to a working version of Visual COBOL, you can download these certificates from the DigiCert Web site (https://www.digicert.com/digicert-root-certificates.htm)
    2. Install the digital certificates to the offline machine:
      DigiCert Assured ID Root CA       Valid until: 10/Nov/2031 
      Serial #: 0C:E7:E0:E5:17:D8:46:FE:8F:E5:60:FC:1B:F0:30:39 
      Thumbprint: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 
       
      DigiCert SHA2 Assured ID Code Signing CA           Issuer: DigiCert Assured ID Root 
      CA 
      Valid until: 22/Oct/2028 
      Serial #: 04:09:18:1B:5F:D5:BB:66:75:53:43:B5:6F:95:50:08 
      Thumbprint: 92C1588E85AF2201CE7915E8538B492F605B80C6 
    3. Download the following Certificate Revocation List files and copy them to the offline machine:
      • http://crl3.digicert.com/sha2-assured-cs-g1.crl
      • http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
    Binary is signed with the new certificate
    If the binary is signed with the new certificate (expires Aug 31 2024, SHA1 fingerprint F6:58:B0:F3:C7:B5:7B:72:0E:7A:92:AE:19:F6:08:90:CA:32:EB:FD):
    1. Locate or download the certificate files as follows:
    2. Install the certificates to the offline machine using one of the following options:
      certlm utility
      1. Open a command prompt as administrator.
      2. Enter certlm.exe.
      3. On the UI that appears, right click on the appropriate store and select all tasks/import.
      4. Browse to the certificate/crl to import.
      certutil utility
      1. Open a command prompt as administrator.
      2. To add a root CA certificate to the trusted root CA store, enter the following command:
        certutil -addstore -f Root CACertificateFile.crt

        where CACertificateFile is the file name of the root CA certificate file.

      3. To add a root CA CRL to the trusted root CA store, enter:
        certutil -addstore -f Root CACRLFHe.crl

        where CACRLFHe is the file name of the subordinate CA certificate file.

      4. To add a subordinate CA CRL to the intermediate CA store, enter:
        certutil -addstore -f CA CACRLFile.crl

        where CACRLFile is the file name of the subordinate CA CRL file.

    Microsoft certificates
    The required certificates are placed in the certificates sub-folder of the Visual Studio layout folder you created in the previous step. For more information on these, click here.

Running the installation on the offline client machine

  1. Run the offline installation of Visual Studio.
  2. Install the certificates in the Certificate manager - the DigiCert root certificate needs to be installed in the Trusted Root Certification Authorities folder, and the DigiCert Code Signing certificate needs to be installed in the Intermediate Certification Authorities folder.
  3. Run the Visual COBOL installation, appending the skipmstools=1 parameter.
  4. License the product using the License Administration tool.