Knowledge base

StartSSL Object code signing certificate

Preface


Because applications (.exe) that are not signed with a certificate are not trusted, I explain here how I integrated a certificate from StartSSL into my application. I use Microsoft Visual Studio 2015 to develop applications.

First, create a certificate signing request (CSR). The private key is written to 4b42.key and the CSR to 4b42.pem; if both options pointed at the same file, the CSR would overwrite the key.
openssl req -new -newkey rsa:4096 -keyout 4b42.key -out 4b42.pem
Generating a 4096 bit RSA private key
....................++
.....................................................................................................................++
writing new private key to '4b42.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CH
State or Province Name (full name) [Some-State]:St. Gallen
Locality Name (eg, city) []:St. Gallen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:4b42
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:hostmaster@4b42.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Now read the CSR from the file 4b42.pem:
cat 4b42.pem
-----BEGIN CERTIFICATE REQUEST-----
[...]
-----END CERTIFICATE REQUEST-----


Now create a PFX file from the certificate (4b42.crt) and the private key (4b42.key):
openssl pkcs12 -export -in 4b42.crt -inkey 4b42.key -out 4b42.pfx
Enter pass phrase for 4b42.key:
Enter Export Password:
Verifying - Enter Export Password:
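
The following added example, not part of the original article, checks that the private key, the CSR and the certificate carry the same public key before the PFX export, and prints the certificate thumbprint in the form signtool later shows as "SHA1 hash". The helper function names and the passphrase are assumptions, and a self-signed certificate stands in for the CA-issued 4b42.crt so that it runs offline.

```shell
#!/bin/sh
# Added example. Helper names and PASS are assumptions; file names follow the page.
# PASS is constructed demo data; in real use prefer an env: or file: pass phrase source.
PASS='pass:constructed-demo-passphrase'

# True only if private key ($1), CSR ($2) and certificate ($3) hold the same public key.
same_public_key() {
    k=$(openssl pkey -in "$1" -passin "$PASS" -pubout 2>/dev/null) || return 2
    r=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    c=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# SHA-1 thumbprint of a PEM certificate on stdin, formatted like signtool's "SHA1 hash".
thumbprint() {
    openssl x509 -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# Thumbprint of the certificate stored inside a PFX file ($1).
pfx_thumbprint() {
    openssl pkcs12 -in "$1" -passin "$PASS" -nokeys 2>/dev/null | thumbprint
}

# Build the PFX ($4) only when key ($1), CSR ($2) and certificate ($3) match.
export_pfx() {
    same_public_key "$1" "$2" "$3" || { echo "key/CSR/certificate mismatch" >&2; return 1; }
    openssl pkcs12 -export -in "$3" -inkey "$1" -passin "$PASS" -out "$4" -passout "$PASS"
}

# Constructed demo data in directory $1: RSA 2048 for speed (the page uses 4096), a
# self-signed certificate standing in for the issued 4b42.crt, and an unrelated key.
make_demo_files() {
    openssl req -new -newkey rsa:2048 -keyout "$1/4b42.key" -out "$1/4b42.pem" \
        -passout "$PASS" -subj "/C=CH/O=4b42" 2>/dev/null &&
    openssl x509 -req -in "$1/4b42.pem" -signkey "$1/4b42.key" -passin "$PASS" \
        -days 1 -out "$1/4b42.crt" 2>/dev/null &&
    openssl genrsa -aes256 -passout "$PASS" -out "$1/other.key" 2048 2>/dev/null
}

DEMO=$(mktemp -d)
make_demo_files "$DEMO"
export_pfx "$DEMO/4b42.key" "$DEMO/4b42.pem" "$DEMO/4b42.crt" "$DEMO/4b42.pfx" &&
    echo "Thumbprint in PFX: $(pfx_thumbprint "$DEMO/4b42.pfx")"
```

After signing, the thumbprint printed here should equal the "SHA1 hash" line that signtool reports for the selected certificate.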


Manual signing


"C:\Program Files (x86)\Windows Kits\8.1\bin\x64\signtool.exe" sign /v /a /ph /d "4b42 DynDNS Updater" /du "http://www.4b42.com" /tr http://www.startssl.com/timestamp "C:\Users\4b42\Documents\Visual Studio 2015\Projects\DynDNS\DynDNS\bin\Release\DynDNS.exe"
The following certificate was selected:
Issued to: Kevin Buhl
Issued by: StartCom Class 2 Primary Intermediate Object CA
Expires: Sun Oct 29 09:32:53 2017
SHA1 hash: 594EBFB875BDEF1C866F892C5941D6271141E112

Done Adding Additional Store
Successfully signed: C:\Users\4b42\Documents\Visual Studio 2015\Projects\DynDNS\DynDNS\bin\Release\DynDNS.exe

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0


Error messages


SignTool.exe


If you receive the message
"SignTool.exe" wurde nicht gefunden ("SignTool.exe" was not found)
start the Microsoft Visual Studio installation again and select the ClickOnce publishing tools.