-
Signing Code
Hi!
I'm attempting to get rid of that "Unknown Publisher" message that appears when you run unsigned code on windows, but I'm a bit confused.
What I have:
- a *.cert.pem file. Would this be the same as a spc?
- a *.key.pem file. Would this be the same as a *.key file?
I took them from my apache ssl directory since I already have a certificate for https. Am I able to use the same thing to sign code?
Code:
pvk.exe -topvk -nocrypt -in privkey.key.pem -out out.pvk
makecert.exe -sv out.pvk -n "CN=MyCert" certfile.cer -b <startdate> -e <enddate>
pvk2pfx.exe -pvk out.pvk -spc certfile.cer -pfx PfxFile.pfx -po <password>
signtool.exe sign /f PfxFile.pfx /p <password> <binary exe>
It still shows up as "Unknown Publisher" though, and I'm not even sure that I'm doing it correctly. Would anyone be able to help?
Thanks a lot!
Cheers.
Edit: Perhaps I want to do the following instead?
Code:
pvk.exe -topvk -nocrypt -in privkey.key.pem -out out.pvk
openssl.exe crl2pkcs7 -nocrl -certfile my.cert.pem -outform DER -out my.spc
pvk2pfx.exe -pvk out.pvk -spc my.spc -pfx PfxFile.pfx -po <password>
signtool.exe sign /f PfxFile.pfx /p <password> <binary exe>
