When I try to sign my exe using a p12 keystore I get the following error:
codesigning.p12 does not contain the complete certificate chain
However, I can sign it without problem using the windows signTool.exe by executing:
signtool sign /f codesigning.p12 /p $keyStorePassword myprogram.exe
Any ideas how to get this working in install4j?
signtool can access intermediate certificates in the Windows keystore, something that install4j does not do.
Other than creating a self-contained certificate (see Adding an intermediate certificates to a pkcs12 file), you can use the "Executable processing" step of the media wizard and call
C:\Path\To\signtool sign /f codesigning.p12 /p $keyStorePassword $EXECUTABLE
to perform external signing of all executables.
Related
I'm seeking some clarification.
I recently purchased a digital cert for code signing from one of the recognised certification authorities.
The approach I've taken is to make a batch file where I use the batch file to digitally sign each .exe file.
The batch file looks like this (password has been modified):
signtool sign /f "C:\DigitalSignaturesAndCerts\ServerCertificate.pfx" /p "PasswordGoesHere" /tr http://timestamp.sectigo.com /td SHA256 /fd SHA256 "C:\SpecificApp\ActualFile.exe"
This is working without issue.
I am not an expert in digital signing and I have two queries:
Am I right in saying what I am doing is sufficient and I don't need to import the cert to visual studio and sign the files when compiling from visual studio.
Am I right in saying the this signed exe file will continue to work after cert has expired based on batch file described above.
Any clarification is appreciated.
This is more of a general query so problem replication description is not relevant.
So this is my first time having this problem last time my code signing certificate was installed correct and without problems this time however the private key flag is missing from my certificate and after searching for about an hour I found certutil -repairstore my "CertSerialNumber"
This is working if the certificate is installed to the local machine but then signtool is unable to find the certificate, by default it installed to CurrentUser so how do I run certutil -repairstore on a certificate on current user, i have tried adding -sr currentuser and -user and it complains they are invalid parameters (WIN32: 87 ERROR_INVALID_PARAMETER).
Finally fount the answer typical it's within mins of posting this question so for anyone else,
make sure the param's are ordered correctly, the certutil is a little bit of a pain with order of parameters,
certutil -user -repairstore my "CertSerialNumber"
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certutil
i am a unity game developer. i am trying to get .pem file from keystore through command prompt in order to enable app signing and commmand is
C:\Users\admin19>java -jar C:\Users\admin19\Desktop\pepk.jar --keystore= F:\Key
Store\abc.keystore --alias=abc --output=C:\Users\admin
19\Desktop\output\key.pem --encryptionkey=eb10fe8f7c7c94656756df715022017b00c6471f8ba8170b13049a11e6c0
9ffe3056a104a3bbe4ac5a955f4ba4fe93fc8fghhjkcef2kk7558a3eb9d2a529a2092761fb833b656cd48b9d
e6a
i press enter after typing this to cmd.
it ask for keystore passward !!! i enter.... then it ask for alias passward !! i enter which is same as keystore passward.. but it is giving error : no key for alias : [aliasname]..what should i do.. plz help
You may follow the suggestions in this thread.
To get the Key Alias: I copied the keytool.exe and my keystore file into C:\Program Files\Java\jdk1.7.0_71\bin folder. Then from command prompt I wrote: keytool -list -v -keystore <name>.keystore It will also ask for keystore password then. Then it will show you the key alias and Certificate fingerprints and other info.
It was also mentioned that if you have the keystore password, keytool might be able to list the aliases.
We are trying to create a deployment of a software called lanschool to our organization, via SCCM 2012. It functions basically by having an admin account create a channel that client accounts connect to for monitoring. We're using our admins phone extensions as their channel numbers.
The issue here is that We'd like to create a silent deployment package for this software, but would need some way to create a prompt during the install so that the admin can input their extension. Is there a way to accomplish this?
Can you launch the MSI with a command line that includes the data? This is the standard method of passing in data during a silent install. The required input values are specified as properties that can be input by the user in UI mode or passed in during silent mode, something like:
msiexec /I [path to msi file] MYCHANNEL=12345
where MYCHANNEL is the name of the public property.
A silent install with user input? Ok then :)
My initial reaction would be to try to do it with a custom action (a simple VB script for example). However something at the back of my mind (I don't have access to InstallShield right now to test this) is warning me that any attempt at interaction would not show and could either timeout or throw an error. Don't take my word for that though.
What I ended up doing is writing a bat file that prompted the user for their extension, stored it in a variable, and then added that variable data to the specified registry key. Code below:
::create a prompt for extension input and store input in variable "channelNumber"
SET /P channelNumber=Please enter your phone extension, this will be used as your Lanschool channel:
::shut down lanschool
TASKKILL /f /im teacher.exe
::write variable to reg key
REG ADD HKLM\Software\Wow6432Node\Lanschool\ /t REG_DWORD /v channel /d "%channelNumber%" /f
::start lanschool
PUSHD C:\program files (x86)\Lanschool
START Teacher.exe
EXIT
In our code we are trying to import certificates from source code to user's system who tries to install our application.Our application is windows application.
To import certificate they have used key tool command where path is wrong.
<Command name="User">
<![CDATA[keytool -keystore "%USERPROFILE%\Application Data\Sun\Java\Deployment\security\trusted.certs"
-import -v -noprompt
-file "C:\Program Files\American Express\DesktopPhone\AppletWeb\cert\NIVRApplet.cert"
-alias nap -storepass ""]]>
</Command>
Even though path C:\Program Files\American Express\DesktopPhone\AppletWeb\cert\NIVRApplet.cert is not available still certificate is getting imported into user system in the location %USERPROFILE%\Application Data\Sun\Java\Deployment\security\trusted.certs when they install our application.
When I try executing the above command in command prompt directly it says import is unsuccessful but it works fine through application without any error with certificate getting imported.
I am not sure how it is happening?
Can anybody help me on this?
When I try executing the above command in command prompt directly it
says import is unsuccessful but it works fine through application
without any error with certificate getting imported.
Probably the account you logged in does not have necessary permission on the keystore you are trying to import. What error you are getting ?