MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically.
Search the Community
Showing results for tags 'makecert'.
Found 3 results
Glenn9999 posted a topic in Programming (C++, Delphi, VB/VBS, CMD/batch, etc.)Lately, I've been trying to figure out how to code sign something (either something I've written or an installer I make out of a script). I've read a lot of material that says a lot of different things, with different commands and the like, so it's been confusing trying to figure out the right tools and the right commands to get a good result. I figured out I could use the verify command of signtool.exe to check things. I get this error, which reflects what I see under the Digital signatures tab of the file properties as well: SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Unfortunately, I haven't and I'm not seeing anything indicating what I'm doing wrong or a step I'm leaving out. Here's what I'm doing to create my certificate files... and what I'm signing my file with: I figured out that I needed to "install the certificate" from another error I was getting. My understanding is doing this locally, I still have to have something for it to compare against to get the fullest result I can expect. Then too, I probably won't get the fullest result without having a paid certificate at a public provider... Could anyone show me what I'm doing wrong and walk me through what to expect? I might just be doing something wrong, but I may not be understanding something correctly too. At least give me an idea of what this looks like done correctly?
olspookishmagus posted a topic in Software HangoutHello. I've been trying to utilise makecert to create a self-signed cert but I can't get find the required makecert syntax for its -n option to create DNs containing commas. An example that would fail is: makecert.exe -r -pe -n "CN=Litware,OU=Docs\,Adatum,DC=Fabrikam,DC=COM" -a md5 -sky signature -cy authority -sv Litware_Root_CA.pvk -len 512 -m 13 -ss Root -sr localMachine -eku 220.127.116.11.18.104.22.168.3 -sp "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" -sy 24 Litware_Root_CA.cer And it would fail as such: Error: CryptCertStrToNameW failed => 0x80092023 (-2146885597) If you remove the removed the escaped comma character from the OU DN everything would proceed Ok. What I have already tried: -n quoted with DNs quoted DNs seperator special chars error --------------- ----------- -------------- -------------- ------ double quotes no comma unescaped E1 double quotes no comma escaped E1 double quotes no semicolon unescaped E1 double quotes no semicolon escaped E1 double quotes yes, double quotes comma unescaped E2 double quotes yes, double quotes comma escaped E2 double quotes yes, double quotes semicolon unescaped E2 double quotes yes, double quotes semicolon escaped E2 single quotes no comma unescaped E1 single quotes no comma escaped E1 single quotes no semicolon unescaped E1 single quotes no semicolon escaped E1 single quotes yes, double quotes comma unescaped E1 single quotes yes, double quotes comma escaped E1 single quotes yes, double quotes semicolon unescaped E1 single quotes yes, double quotes semicolon escaped E1 E1: Error: CryptCertStrToNameW failed => 0x80092023 (-2146885597) E2: Error: Too many Parameters Just to clarify, I'm running makecert version 6.1.7600.16385 from within PowerShell version 2.0. So I would appreciate any help on how to overcome this.
olspookishmagus posted a topic in Windows XPHello. I'm struggling to create a private key in order then to use to sign a PowerShell Script and I would really use some help on this. Firstly I wanted to be able to run PowerShell scripts without having to lower PowerShell's Execution-Policy and in order to do that one should have to be able to sign scripts. Therefore and after installing the Windows SDK I'm trying to create a private key (and then a certificate) in order to be able to sign scripts. But this fails likewise: C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin>makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 22.214.171.124.126.96.36.199.3 -r -sv root.pvk root.cer -ss Root -sr localMachine Error: Can't create the key of the subject ('root.pvk') Failed And so I've begun trying to debug this, with no success. So far I've checked with these: I checked with makecert's documentation to check whether the command parameters are correct executed the command from within a non-special directory executed the command as the local Administrator user executed the command from an "elevated" Command Prompt or an "elevated" PowerShell made sure the security permissions for _ALL_ the Crypto/RSA directories are set as indicated If you have any ideas or you would like to share your insights or have me walk again over again something I've already tried/mentioned please feel free to comment. Thanks in advance.