none
digitally sign certifcates RRS feed

  • Question

  • I just purchased a certificate from Symantec and I have to digitally sign it, but I don't know how and the links that Symantec gave me are not helpful

    I have to use the following: 

    • pvk2pfx.exe
    • inf2cat.exe
    • signtool.exe

    given that it's a 64 bit system.

    Any suggestions,

    Marlon

    Saturday, July 13, 2013 1:48 PM

Answers

  • I just purchased a certificate from Symantec and I have to digitally sign it, but I don't know how and the links that Symantec gave me are not helpful

    I have to use the following: 

    • pvk2pfx.exe
    • inf2cat.exe
    • signtool.exe

    given that it's a 64 bit system.

    Any suggestions,

    Marlon

    For testing you can sign a certificate locally on the system. But when you go to use the certificate you need a certificate authority (CA) like VeriSign or go daddy which sells certificates to sell you one. Edit: heres a link that explains it from stackoverflow but makecert is the correct utility to make a fake certificate to test a clickonce application or if you need your application signed to test something:

    http://stackoverflow.com/questions/1482476/code-signing-certificate.

    You need to get your certificate from your certificate authority and just find the correct app to import it after you get done testing though.  I'll try to find some articles on the matter but you need the certificates add-on in the MMC (Microsoft management console ). To reach the console type mmc in the start menu's search feature on windows 7.


    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://www.computerprofessions.co.nr


    • Edited by The Thinker Saturday, July 13, 2013 9:27 PM edit 2
    • Marked as answer by marlon_1_1 Wednesday, July 17, 2013 11:39 AM
    Saturday, July 13, 2013 9:21 PM
  • I just purchased a certificate from Symantec and I have to digitally sign it, but I don't know how and the links that Symantec gave me are not helpful

    I have to use the following: 

    • pvk2pfx.exe
    • inf2cat.exe
    • signtool.exe

    given that it's a 64 bit system.

    Any suggestions,

    Marlon

    For testing you can sign a certificate locally on the system. But when you go to use the certificate you need a certificate authority (CA) like VeriSign or go daddy which sells certificates to sell you one. Edit: heres a link that explains it from stackoverflow but makecert is the correct utility to make a fake certificate to test a clickonce application or if you need your application signed to test something:

    http://stackoverflow.com/questions/1482476/code-signing-certificate.

    You need to get your certificate from your certificate authority and just find the correct app to import it after you get done testing though.  I'll try to find some articles on the matter but you need the certificates add-on in the MMC (Microsoft management console ). To reach the console type mmc in the start menu's search feature on windows 7.


    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://www.computerprofessions.co.nr


    Let me guess: pfx files right? I found this thread which is a simple solution but is going to be on the windows server side: http://social.technet.microsoft.com/Forums/windowsserver/en-US/5a613754-0a7f-4157-bc47-97e8b55a2878/importing-certificates-to-the-server

    Tell me if this helps. Edit: just tested this it is available on windows 7 home premium and above too.


    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://www.computerprofessions.co.nr


    • Edited by The Thinker Saturday, July 13, 2013 9:42 PM edit 3
    • Marked as answer by marlon_1_1 Wednesday, July 17, 2013 11:39 AM
    Saturday, July 13, 2013 9:40 PM
  •  Do you want to sign your *.exe or *.dll file?

     If you want to sign exe or dll with digital signature, you should use

     signtool.exe

     What error did you get when you sign your file, could you give more detail?

     here is an example:

    "C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\signtool.exe" sign /n "your company"  /d "your file description" /du "yourwebiste" /sha1 "your certificate hash" /t "your timestamp url (optional)" "yourexeordll"

    if you certificate is installed on your machine, you can get your certifcate hash like this:

    Control Panel->internet Options->Content->Certificates->double click your certificate->detail->thumbprint

    then you can see a string value like this:

    ‎7c 8f 15 1d ec fb 27 a8 47 75 76 a7 ee b7 f3 ad 8a ff 81 cd

    remove the spaces in the hash value, this is certificate hash used in signtool.exe

    ‎7c8f151decfb27a8477576a7eeb7f3ad8aff81cd

    if your certificate is *.pfx, you can import it to your personal certificate store like this:

    Control Panel->internet Options->Content->Certificates->Import

     


    • Edited by Jenny1985 Monday, July 15, 2013 12:33 AM remove invalid link
    • Marked as answer by marlon_1_1 Wednesday, July 17, 2013 11:39 AM
    Sunday, July 14, 2013 4:02 AM

All replies

  • I just purchased a certificate from Symantec and I have to digitally sign it, but I don't know how and the links that Symantec gave me are not helpful

    I have to use the following: 

    • pvk2pfx.exe
    • inf2cat.exe
    • signtool.exe

    given that it's a 64 bit system.

    Any suggestions,

    Marlon

    For testing you can sign a certificate locally on the system. But when you go to use the certificate you need a certificate authority (CA) like VeriSign or go daddy which sells certificates to sell you one. Edit: heres a link that explains it from stackoverflow but makecert is the correct utility to make a fake certificate to test a clickonce application or if you need your application signed to test something:

    http://stackoverflow.com/questions/1482476/code-signing-certificate.

    You need to get your certificate from your certificate authority and just find the correct app to import it after you get done testing though.  I'll try to find some articles on the matter but you need the certificates add-on in the MMC (Microsoft management console ). To reach the console type mmc in the start menu's search feature on windows 7.


    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://www.computerprofessions.co.nr


    • Edited by The Thinker Saturday, July 13, 2013 9:27 PM edit 2
    • Marked as answer by marlon_1_1 Wednesday, July 17, 2013 11:39 AM
    Saturday, July 13, 2013 9:21 PM
  • I just purchased a certificate from Symantec and I have to digitally sign it, but I don't know how and the links that Symantec gave me are not helpful

    I have to use the following: 

    • pvk2pfx.exe
    • inf2cat.exe
    • signtool.exe

    given that it's a 64 bit system.

    Any suggestions,

    Marlon

    For testing you can sign a certificate locally on the system. But when you go to use the certificate you need a certificate authority (CA) like VeriSign or go daddy which sells certificates to sell you one. Edit: heres a link that explains it from stackoverflow but makecert is the correct utility to make a fake certificate to test a clickonce application or if you need your application signed to test something:

    http://stackoverflow.com/questions/1482476/code-signing-certificate.

    You need to get your certificate from your certificate authority and just find the correct app to import it after you get done testing though.  I'll try to find some articles on the matter but you need the certificates add-on in the MMC (Microsoft management console ). To reach the console type mmc in the start menu's search feature on windows 7.


    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://www.computerprofessions.co.nr


    Let me guess: pfx files right? I found this thread which is a simple solution but is going to be on the windows server side: http://social.technet.microsoft.com/Forums/windowsserver/en-US/5a613754-0a7f-4157-bc47-97e8b55a2878/importing-certificates-to-the-server

    Tell me if this helps. Edit: just tested this it is available on windows 7 home premium and above too.


    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://www.computerprofessions.co.nr


    • Edited by The Thinker Saturday, July 13, 2013 9:42 PM edit 3
    • Marked as answer by marlon_1_1 Wednesday, July 17, 2013 11:39 AM
    Saturday, July 13, 2013 9:40 PM
  •  Do you want to sign your *.exe or *.dll file?

     If you want to sign exe or dll with digital signature, you should use

     signtool.exe

     What error did you get when you sign your file, could you give more detail?

     here is an example:

    "C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\signtool.exe" sign /n "your company"  /d "your file description" /du "yourwebiste" /sha1 "your certificate hash" /t "your timestamp url (optional)" "yourexeordll"

    if you certificate is installed on your machine, you can get your certifcate hash like this:

    Control Panel->internet Options->Content->Certificates->double click your certificate->detail->thumbprint

    then you can see a string value like this:

    ‎7c 8f 15 1d ec fb 27 a8 47 75 76 a7 ee b7 f3 ad 8a ff 81 cd

    remove the spaces in the hash value, this is certificate hash used in signtool.exe

    ‎7c8f151decfb27a8477576a7eeb7f3ad8aff81cd

    if your certificate is *.pfx, you can import it to your personal certificate store like this:

    Control Panel->internet Options->Content->Certificates->Import

     


    • Edited by Jenny1985 Monday, July 15, 2013 12:33 AM remove invalid link
    • Marked as answer by marlon_1_1 Wednesday, July 17, 2013 11:39 AM
    Sunday, July 14, 2013 4:02 AM
  • Thinker,

    Thanks for the info from both you and Jenny...it seems to have worked.

    Question. My surface tablet app is a standalone app and MS failed my certification prcess saying that they don't want an exit button rather they want a suspend resume function.

    DO you know how I can code that? I am new to all of this.

    Thanks

    Marlon

    Thursday, July 18, 2013 4:20 PM
  • Jenny

    Question. My surface tablet app is a standalone app and MS failed my certification prcess saying that they don't want an exit button rather they want a suspend resume function.

    DO you know how I can code that? I am new to all of this.

    Thanks

    Marlon

    Thursday, July 18, 2013 4:21 PM
  • Jenny

    Question. My surface tablet app is a standalone app and MS failed my certification prcess saying that they don't want an exit button rather they want a suspend resume function.

    DO you know how I can code that? I am new to all of this.

    Thanks

    Marlon

    that's a whole different question because phone and tablet certifications require your code to be a certain way not the need for a certificate and would be off-topic in this thread. I think their is a windows marketplace forum  designed to answer those questions.

    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://www.computerprofessions.co.nr

    Thursday, July 18, 2013 6:25 PM
  • Jenny

    Question. My surface tablet app is a standalone app and MS failed my certification prcess saying that they don't want an exit button rather they want a suspend resume function.

    DO you know how I can code that? I am new to all of this.

    Thanks

    Marlon

     Sorry for the delayed reply. If you want to sign your windows store apps (metro, windows rt). You should not use signtool.exe.

    By default, visual stuido 2012 generates a temporal certificate for your application and sign your app automatically. If you want to sign your windows store app with another certificate, please do it like this:

    in vs 2012->solution explorer->double click ->package.appxmanifest->packaging->choose certificate->pick from certificate store->select your certificate:

    then it should be ok.

    If your certificate is *.pfx file, please click "select from file" ...

     


    • Edited by Jenny1985 Thursday, July 25, 2013 12:56 AM add select from file option
    Thursday, July 25, 2013 12:53 AM