How can I sign an ActiveX control with a code signing certificate and be a verified publisher?

Submitted by 纵饮孤独 on 2019-11-28 13:03:47

The question actually contains the correct procedure: do the signing using a PFX file that contains the root certificate, intermediate certificate, developer certificate, and private key. Also, use a timestamp server. My problem was that I had the wrong root certificate included in my PFX, so the certificate used to sign couldn't chain back to the root.

By request, here's the information about how to create the PFX file. The cert2spc and pvk2pfx that I use below are also in the platform SDK.

cert2spc certpath1.cer certpath2.cer certpath3.cer codesign.spc

Where the list of .cer files includes the root, intermediate, and code signing certificates, and codesign.spc is the output file. Then:

pvk2pfx -pvk privkey.pvk -spc codesign.spc

Running pvk2pfx in this manner starts a wizard that prompts for the private key passphrase, and the location of the output file, and the passphrase for the output file.

Finally, signtool does the actual code signing:

signtool sign /f my_certificates.pfx /p my_passphrase /t http://timestamp.verisign.com/scripts/timstamp.dll my_activex_control.ocx

In retrospect, I might have saved time by using signcode.exe aka the Code Signing wizard (which I think is part of the .NET SDK) which uses .spc and .pvk files directly.
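
The following PowerShell check is an added example, not part of the original answer: it loads the PFX before signing, builds the chain from the certificate that holds the private key, and warns about any certificate in the PFX that the chain does not use, which is how a wrong root shows up. The file name and passphrase are the ones from the signtool command above; root trust is evaluated against the local machine's certificate stores.

```powershell
# Added example: pre-signing sanity check of a PFX (not from the original answer).
param(
    [string]$PfxPath    = 'my_certificates.pfx',   # name taken from the signtool command
    [string]$Passphrase = 'my_passphrase'
)
$ns = 'System.Security.Cryptography.X509Certificates'
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'              # id-kp-codeSigning

# Load every certificate stored in the PFX.
$certs = New-Object "$ns.X509Certificate2Collection"
$certs.Import((Resolve-Path $PfxPath).Path, $Passphrase, 'DefaultKeySet')

# The signing certificate is the one that carries the private key.
$signer = $certs | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $signer) { throw "No certificate with a private key in $PfxPath" }

# If an EKU extension is present it must list Code Signing.
$eku = $signer.Extensions | Where-Object { $_ -is [type]"$ns.X509EnhancedKeyUsageExtension" }
if ($eku) {
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($oids -notcontains $CodeSigningOid) { throw 'Signing certificate lacks the Code Signing EKU' }
}

# Build the chain, offering the PFX contents as candidate intermediates.
$chain = New-Object "$ns.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'      # structural check only, no network
$chain.ChainPolicy.ExtraStore.AddRange($certs)
$ok = $chain.Build($signer)

# Print the chain from signer to root as "subject <- issuer".
$chain.ChainElements | ForEach-Object {
    '{0}  <-  {1}' -f $_.Certificate.Subject, $_.Certificate.Issuer
}

# A certificate in the PFX that the chain does not use is a likely wrong root or intermediate.
$used = @($chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint })
$certs | Where-Object { $used -notcontains $_.Thumbprint } | ForEach-Object {
    Write-Warning "In PFX but not part of the chain: $($_.Subject)"
}

if (-not $ok) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation.Trim())" }
    throw 'Signing certificate does not chain to a trusted root'
}
'Chain OK'
```

After signing, `signtool verify /pa /v my_activex_control.ocx` prints the chain and timestamp as Windows evaluates them for the signed file.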
