测试案例3:在Windows 7徽标测试中对文件和驱动程序进行数字签名 [英] Test Case 3: Digitally sign files and drivers FAIL in Windows 7 Logo test
问题描述
使用VeriSign ID的代码签名文件
将根证书添加到证书存储区(仅限组织证书)
如果您计划使用VeriSign组织证书,用于购买的计算机和用于代码签名的计算机必须在购买或签名之前在计算机的受信任的根证书颁发机构证书存储区中安装根证书。根证书只能添加到受信任的根证书颁发机构证书存储区一次。
按照以下步骤将根证书添加到计算机的证书存储区:
下载VeriSign组织证书的根证书此处。
点击 开始 ,点击 开始搜索 ,键入 mmc ,然后按< span style ="font-weight:bold"> ENTER 。
在 文件 菜单上,点击< span style ="font-weight:bold"> 添加/删除管理单元 。
在 可用管理单元 下,双击 证书 ,选择 计算机帐户 ,点击 完成 ,然后点击 确定 关闭main'添加或删除管理单元'对话框。
在控制台树中,展开< span style ="font-weight:bold"> 证书 然后 受信任的根证书颁发机构 。
右键单击 受信任的根证书颁发机构 商店。
单击 导入 以导入证书并按照证书导入中的步骤操作向导
或者,您可以使用certmgr工具添加根证书到您机器的证书存储区。
请点击其他有关如何使用certmgr工具的进一步文档。
代码签名文件(组织和验证码证书)
按照以下步骤使用签名文件signtool.exe,作为WDK的一部分提供。请注意,signtool.exe将替换signcode.exe。后者不再受微软支持。
选项1: 直接从Windows计算机上的证书存储区签名。注意Microsoft Windows NT,Windows Me,Windows 98或Windows 95不支持signtool.exe。
将以下文件放在名为 c:\keys
< li class = kadov-p style ="list-style-type:disc">
signtool.exe
jbxxxxxx .cab或winqual.exe(这是您要签名的文件)
< li class = kadov-p>
点击 开始 , 运行 ,键入 cmd.exe ,然后按 输入 打开命令提示符窗口。
在命令提示符窗口中输入以下......
类型: c:并按 ENTER
类型: cd\ 并按 ENTER
输入: cd keys 并按 输入
提示现在应该是 c:\keys
在一行中键入以下命令,然后按 ENTER
signtool sign / a / t http://timestamp.verisign.com/scripts/timstamp。 dll winqual.exe
选项2: 从.pfx文件进行签名。
使用MMC的证书管理单元,导航到VeriSign组织证书,右键单击并选择所有任务>导出...以打开证书导出向导。
按照步骤导出证书并保存.pfx文件,如果不需要,请注意不要删除私钥。
- 的文件夹中
将以下文件放在名为 c:\keys
signtool.exe
jbxxxxxx.cab 或 winqual。 exe (这是你要签名的文件)
orgcert.pfx (这是导出的VeriSign组织证书)
在命令提示符窗口中输入以下内容...
< ol class = whs15 type = disc>
键入: c:并按 ENTER
类型: cd \ 并按 ENTER
输入: cd keys 并按 ENTER
提示现在应该是 c:\keys
在一行输入以下命令,然后按ENTER键
signtool sign / f orgcert.pfx / p password / t http://timestamp.verisign.com/scripts/timstamp。 dll winqual.exe
如需更多参考,我们可以查看 https://winqual.microsoft.com/Help/default.htm#code-sign_files_with_your_verisign_id.htm#Class3
(或)
http://msdn.microsoft.com/en-us/library/dd406710.aspx
(或)<无线电通信/> http:// m sdn.microsoft.com/en-us/library/aa906249.aspx
Hi,
Hi,
Code-sign files with your VeriSign ID
Adding the root certificate to the certificate store (Organizational Certificate only)
If you are planning on using a VeriSign Organizational Certificate, both the computer used for purchasing and the computer used for code-signing must have the root certificate installed in the computer’s Trusted Root Certification Authorities certificate store before purchasing or signing can take place. The root certificate must be added to the Trusted Root Certification Authorities certificate store only once.
Follow these steps to add the root certificate to the certificate store of your machine:
Download the root certificate for the VeriSign Organizational Certificate here.
Click Start, click Start Search, type mmc, and then press ENTER.
On the File menu, click Add/Remove Snap-in.
Under Available snap-ins, double-click Certificates, select Computer account, click Finish, and then click OK to close the main ‘Add or Remove Snap-ins’ dialog box.
In the console tree, expand Certificates and then Trusted Root Certification Authorities.
Right-click the Trusted Root Certification Authorities store.
Click Import to import the certificates and follow the steps in the Certificate Import wizard
Alternatively, you can use the certmgr tool to add the root certificate to the certificate store of your machine.
Please click here for further documentation on how to use the certmgr tool.
Code Signing Files (Organizational & Authenticode Certificates)
Follow these steps to sign a file using signtool.exe which is shipped as part of the WDK. Note that signtool.exe replaces signcode.exe. The latter is no longer supported by Microsoft.
Option 1: Signing directly from the certificate store on a Windows machine. Note signtool.exe is not supported on Microsoft Windows NT, Windows Me, Windows 98 or Windows 95.
Put the following files in a folder called c:\keys
signtool.exe
jbxxxxxx.cab or winqual.exe (this is the file that you want to sign)
Click Start, Run, Type cmd.exe and then press ENTER to open a Command Prompt window.
In the Command Prompt Window enter the following…
Type: c: and press ENTER
Type: cd\ and press ENTER
Type: cd keys and press ENTER
The prompt should now read c:\keys
Type in the following command on one line and press ENTER
signtool sign /a /t http://timestamp.verisign.com/scripts/timstamp.dll winqual.exe
Option 2: Signing from a .pfx file.
Using the Certificates snap-in for MMC, navigate to the VeriSign Organization Certificate, right-click and select All Tasks > Export… to open the Certificate Export Wizard.
Follow the steps to export the certificate and save the .pfx file taking care not to delete the private key if this is not desired.
Put the following files in a folder called c:\keys
signtool.exe
jbxxxxxx.cab or winqual.exe (this is the file that you want to sign)
orgcert.pfx (this is the exported VeriSign organizational certificate)
In the Command Prompt Window enter the following…
Type: c: and press ENTER
Type: cd\ and press ENTER
Type: cd keys and press ENTER
The prompt should now read c:\keys
Type in the following command on one line and press ENTER
signtool sign /f orgcert.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll winqual.exe
For More Reference we can check https://winqual.microsoft.com/Help/default.htm#code-sign_files_with_your_verisign_id.htm#Class3
(or)
http://msdn.microsoft.com/en-us/library/dd406710.aspx
(or)
http://msdn.microsoft.com/en-us/library/aa906249.aspx
这篇关于测试案例3:在Windows 7徽标测试中对文件和驱动程序进行数字签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
