Re: Help for ActiveX (2)

From: Luca Vanuzzo (l.vanuzzo_at_deimositalia.com)
Date: 03/05/04 

Date: Fri, 05 Mar 2004 17:12:27 GMT

Hi Luke,

thank you for your help.
I follwed all your instruction (the link
http://msdn.microsoft.com/downloads/c-frame.htm?003#/downloads/tools/ does
not exist, however) to create the certificate and sign my OCX (not CAB or
EXE !).
I imported the certificate from IE in the root trusted authorities; I had no
errors when I sow the certificate
and when I use chktrust for my OCX. But when I load the page from the
develop PC or in another PC
after the download of the OCX I have still the warning message. It seems
that the activex control is not
safe. If I active the execution of unsafe activex I have no warning message
...
Have you got any other idea ?

Thanks,

Luca

"[MSFT]" <lukezhan@online.microsoft.com> ha scritto nel messaggio
news:FYqX1SmAEHA.604@cpmsftngxa06.phx.gbl...
> Hi Luca,
>
> Thank you for using the community. Currently, I am looking into the
> question. As I understand, you need sign the cab file which contains an
> ActiveX control, and use it in IE. To achieve this, you may following
these
> steps:
>
> TO CREATE PVK AND SPC FILES
> ===========================
>
> 1) Go to to http://>/certsrv/ (this is the home directory
> specified during Certificate Server installation)
>
> 2) Select "Certificate Enrollment Tools" link
>
> 3) Select "Request a Client Authentication Certificate" link
>
> 4) On "Certificate Enrollment Form" press Advanced button
>
> 5) On Advanced Settings, specify:
> - Key Spec: Signature
> - Algorithm: MD5
> - Properties:
> . Export Private Keys to a File
> . Allow keys to exported
> . Create a SPC file
> - Usage: Code Signing
> - CSP: Microsoft Base Cryptographic Provider 1.0
>
> 6) Press OK
>
> 7) On Xenroll dialog box:
>
> Save PVK file as: <type the path and name for the PVK file>
>
> 9) Press OK
>
> 10) It goes back to certificate Enrollment Form
>
> 11) On Certificate Enrollment Form, specify:
> - Name: <the name that will appear on certificate>
> - Department: <same as above, department>
> - Organization: <same as above, organization>
> - City: <same as above, city>
> - State: <same as above, state>
> - Country: <same as above, country>
> - E-Mail: <same as above, email>
>
> 12) Press Submit Request button
>
> 13) On Create Private Key Password dialog box, specify:
>
> - Path and name of the Private Key file
>
> - Password: ******
>
> - Confirm Password: ******
>
> 14) Press OK (or None if you intent to leave the password empty)
>
> 15) It goes to "Certificate Download page"
>
> 16) Press Download button
>
> 17) On Xenroll dialog box, specify the path and file name for the SPC
file.
>
> 18) Press OK
>
> 19) If a messagebox appears asking about creating a "software publisher
> certificate", answer YES.
>
> 20) The PVK and SPC files are OK now. Go to next steps:
>
> TO SIGN CAB OR EXE FILES
> ========================
>
> 1) Download the Authenticode:
>
> - Go to
> http://msdn.microsoft.com/downloads/c-frame.htm?003#/downloads/tools/
> - On the left pane, Tools TOC, select +Microsoft Downloads
> - Select MS Authenticode (IE4)
> - On the right pane, click "Download Authenticode (343K)".
> - Execute the file CODESIGN.EXE to uncompress it to a folder.
>
> 2) Place the following files in an empty directory:
> - chktrust.exe (verify signatures)
> - signcode.exe (signing utility)
> - signer.dll (dependency file)
> - *.pvk (private key)
> - *.spc (public key)
> - all unsigned cabs/exes
>
> 3) Use the program SIGNCODE.EXE to sign files:
>
> signcode -v private.pvk -spc publickey.spc filename.cab
>
> After these, you can Installing the Trusted Certificates in IE.
>
> For more informaton on this question, you may refer to:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247257
>
>
http://msdn.microsoft.com/library/default.asp?url=/workshop/security/authcod
> e/signing.asp
>
> I also notice Yanghong had provided you some useful links, you can also
> refer them:
>
> http://www.microsoft.com/windows/ie/using/howto/digitalcert/using.asp
>
> Regards,
>
> Luke
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

Quantcast