I need to export a Symantec Code signing certificate for signing .xap as .pfx. The steps mentioned on official website state All Tasks>Export as .pfx but the option is grayed out. For pvk2pfx.exe we need a .pvk which is not provided. I have only a .cer file wwhich ii want to concert into a .pfx file with a password. Kindly suggest me the steps and suitable tool!
The .cer file was without the key. A small key icon appears next to the certificate name in microsoft certificate snap-in. Regenerating the certificates did the task!
Related
I created a CSR file via Keystore Explorer5.1.1 and sent the CSR to authority organization. The organization returned me certificated CRT file and I got the CRT to Examine by Keystore Explorer, which reported an error:
Version 5.1.1 is more than two years old and it had some problems with PEM encoded certificate files. A newer version of KeyStore Explorer could probably open this file.
But this is not the right way to import the certificate from the CA anyway. Instead follow these steps:
Open the keystore with the key pair.
Right click on the key and select "Import CA Reply"
Select the certificate file.
I am building an installer and need to extract the .cer so that it can be added to trusted publisher, similar to this question/answer.
https://superuser.com/a/464233
I've managed to do that and everything works fine. Can the "Copy to file" from within Digital Signatures tab be automated using PowerShell or something similar ?
You can run Get-AuthenticodeSignature cmdlet to retrieve authenticode signing certificate from MSI.
Install4j throws "file.spc does not contain the complete certificate chain. Please add root and intermediate certificates."
I have generated a certificate, it's private key and the spc file.
The certificate has been added to the "Trusted Root Certification Authorities" and "Intermediate Certificate Authorities".
Still it gives the above error.
Please provide some help regarding this issue.
I use the signpass form the Apple passbook demo passbook_materials to create a .pkpass file I have created my pass type ID and change the passTypeIdentity in the pass.json. When I execute: ./signapss -p ./myPass in terminal, it shows:
Couldn't find an identity for pass.com.xxx.xxx.
Does someone know this?
You need to install your certificate into your keychain (double clicking on the file downloaded from Apple will suffice). You need the Apple WWDR certificate installed in your keychain also. You also must make sure you set the teamIdentifier field in your pass.json to the correct value, not just the passTypeIdentifier field.
In my case, the passbook certificates was generate in another computer, so I have to export the private key into a 'xx.p12' file, install both the p12 file and the passbook certificate in my new mac, and the problem goes away.
You can also follow the step 1 in this document: tutorial
It was very meticulous guide for wallet certificate.
I have a few Eclipse plugins that are part of a feature. We would like to apply code signing to these plugins when the update site is updated.
I can see the JAR Signing tab when exporting an individual plugin, but I can't see anything similar in my update site project settings.
Also, the tutorials that I have read are using self-signed certificates. Can anyone point me towards instructions for using Verisign certificates (i.e. *.pfx files)?
Can anyone help?
Thanks,
Alan
Edit: I have marked Kane's response as the answer because it is very similar to the steps that I took and was an inspiration. I actually followed these instructions to sign the jars because it was based on pfx files: https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1072
Step 1: Run the following command to view details about the certificate (substituting the filename with your own):
keytool -list -v -storetype pkcs12 -keystore [Filename].pfx
Step 2: Scroll to the top of the output and take a note of the Alias name value.
Step 3: Sign each jar file using the following command (substituting the filenames and alias name for your own):
jarsigner -storetype pkcs12 -keystore [Filename].pfx [Filename].jar "[AliasName]"
I now need to come up with a way of managing / automating the process.
Update site project doesn't provide such capability to sign the jars. Signing jars is a pure java concept, you could use the signtool from JDK to do it.
If you want to sign you jars via using the certificate for Windows code signing, you could refer to this blog post.
In my successful experience, I convert pfx to JKS format certificate firstly, then call below command in ant,
<signjar sigfile="MyCompany" alias="${sign.alias}" keystore="${sign.keystore}" storepass="${sign.storepass}" keypass="${sign.keypass}" tsaurl="https://timestamp.geotrust.com/tsa" preservelastmodified="true">