RE: Help for ActiveX (2)

From: [MSFT] (lukezhan_at_online.microsoft.com)
Date: 03/05/04

    Date: Fri, 05 Mar 2004 03:48:14 GMT
    
    

    Hi Luca,

    Thank you for using the community. Currently, I am looking into the
    question. As I understand, you need to sign the cab file which contains an
    ActiveX control, and use it in IE. To achieve this, you may follow these
    steps:

    TO CREATE PVK AND SPC FILES
    ===========================

    1) Go to http://>/certsrv/ (this is the home directory
    specified during Certificate Server installation)

    2) Select "Certificate Enrollment Tools" link

    3) Select "Request a Client Authentication Certificate" link

    4) On "Certificate Enrollment Form" press Advanced button

    5) On Advanced Settings, specify:
       - Key Spec: Signature
       - Algorithm: MD5
       - Properties:
         . Export Private Keys to a File
         . Allow keys to be exported
         . Create a SPC file
       - Usage: Code Signing
       - CSP: Microsoft Base Cryptographic Provider 1.0

    6) Press OK

    7) On Xenroll dialog box:

        Save PVK file as: <type the path and name for the PVK file>

    9) Press OK

    10) It goes back to certificate Enrollment Form

    11) On Certificate Enrollment Form, specify:
        - Name: <the name that will appear on certificate>
        - Department: <same as above, department>
        - Organization: <same as above, organization>
        - City: <same as above, city>
        - State: <same as above, state>
        - Country: <same as above, country>
        - E-Mail: <same as above, email>

    12) Press Submit Request button

    13) On Create Private Key Password dialog box, specify:

        - Path and name of the Private Key file

        - Password: ******

        - Confirm Password: ******

    14) Press OK (or None if you intend to leave the password empty)

    15) It goes to "Certificate Download page"

    16) Press Download button

    17) On Xenroll dialog box, specify the path and file name for the SPC file.

    18) Press OK

    19) If a messagebox appears asking about creating a "software publisher
        certificate", answer YES.

    20) The PVK and SPC files are OK now. Go to next steps:

    TO SIGN CAB OR EXE FILES
    ========================

    1) Download the Authenticode:

       - Go to
    http://msdn.microsoft.com/downloads/c-frame.htm?003#/downloads/tools/
       - On the left pane, Tools TOC, select +Microsoft Downloads
       - Select MS Authenticode (IE4)
       - On the right pane, click "Download Authenticode (343K)".
       - Execute the file CODESIGN.EXE to uncompress it to a folder.

    2) Place the following files in an empty directory:
       - chktrust.exe (verify signatures)
       - signcode.exe (signing utility)
       - signer.dll (dependency file)
       - *.pvk (private key)
       - *.spc (public key)
       - all unsigned cabs/exes

    3) Use the program SIGNCODE.EXE to sign files:
       
       signcode -v private.pvk -spc publickey.spc filename.cab

    After these, you can install the Trusted Certificates in IE.

    For more information on this question, you may refer to:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247257

    http://msdn.microsoft.com/library/default.asp?url=/workshop/security/authcode/signing.asp

    I also notice Yanghong had provided you some useful links; you can also
    refer to them:

    http://www.microsoft.com/windows/ie/using/howto/digitalcert/using.asp

    Regards,

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
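
A quick check for the EXE case of the signing step above, added here as an example and not part of the original posting: it reads the PE certificate table to confirm that a signature was embedded and lists which digest-algorithm OIDs the PKCS#7 blob names (a byte-search heuristic). It does not validate the signature, which is what chktrust is for; `authenticode_info`, `sample_pe` and `SAMPLE_BLOB` are hypothetical names and the sample bytes are constructed.

```python
import struct

# DER-encoded OIDs of digest algorithms that can appear in the PKCS#7 blob.
DIGEST_OIDS = {
    "md5": bytes.fromhex("06082a864886f70d0205"),
    "sha1": bytes.fromhex("06052b0e03021a"),
    "sha256": bytes.fromhex("0609608648016503040201"),
}

def authenticode_info(data: bytes):
    """None for an unsigned PE image, else its first WIN_CERTIFICATE entry (not validated)."""
    try:
        pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("not a PE image")
        opt = pe + 24                                          # optional header start
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs = opt + (96 if magic == 0x10B else 112)           # PE32 / PE32+
        if struct.unpack_from("<I", data, dirs - 4)[0] <= 4:   # NumberOfRvaAndSizes
            return None
        offset, size = struct.unpack_from("<II", data, dirs + 4 * 8)  # security dir
        if offset == 0 or size == 0:
            return None                                        # no certificate table
        length, revision, cert_type = struct.unpack_from("<IHH", data, offset)
    except struct.error as exc:
        raise ValueError("truncated PE image") from exc
    if length < 8 or length > size or offset + length > len(data):
        raise ValueError("certificate table out of bounds")
    blob = data[offset + 8:offset + length]                    # bCertificate
    digests = sorted(n for n, oid in DIGEST_OIDS.items() if oid in blob)
    return {"revision": revision, "cert_type": cert_type, "digests": digests}

def sample_pe(cert_blob: bytes = b"") -> bytes:
    """Constructed minimal PE32 headers for the demo (not a loadable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                        # 16 data directories
    image = bytearray(dos + coff + opt)
    if cert_blob:
        entry = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
        struct.pack_into("<II", image, 0x40 + 24 + 96 + 32, len(image), len(entry))
        image += entry
    return bytes(image)

SAMPLE_BLOB = b"\x30\x0c" + DIGEST_OIDS["md5"] + b"\x05\x00"  # constructed, not a real signature
```

To inspect a real file, pass its bytes: `authenticode_info(open(path, "rb").read())`.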

