使用.cer文件签名.exe(signtool.exe要求的证书名称是什么?) [英] Signing .exe with .cer file (what is my certificate's name that signtool.exe is asking for?)
问题描述
我已经为我的程序购买了证书。
我从其购买的网站向我发送了一个 .cer 文件( 43-some-really-long-name- 9962812767788.cer )。没有发送其他文件,但是我几乎100%确定不需要任何其他东西。
当我单击该 .cer 文件,其中包含以下信息:
- 用于:(我的数据)
- 通过: Certum代码签名CA
- 过期:2014年10月24日
所有这些信息似乎没事。
我有我的 .exe 文件,我想用它签名(因此,例如,用户将以管理员身份运行该文件时, Windows,他将能够看到证书信息。)
我发现我可以使用 signtool.exe ,但是它总是返回错误,表明找不到符合所有条件的证书。
因此,如何对我的程序进行签名(添加 .cer 到我的 .exe )仅使用 .cer 文件(以及我可以从该 .cer 文件)?
我没有证书,.cer和所有证书termino的经验学,因此请在回答时考虑到这一点(我是一个简单的人...;)
到目前为止根据,然后将其与 / f 一起传递选项:
signtool.exe标志/ f blah.pfx / t http://timestamp.comodoca.com/authenticode filetosign.exe
/ n 选项仅用于从证书存储中选择特定证书。
I have bought a certificate for my program.
The website from which I bought it, sent me an .cer file (43-some-really-long-name-9962812767788.cer). No additional files were sent, but I'm almost 100% sure that I don't need anything more.
When I click on that .cer file, there are information like:
- for: (my data)
- by: Certum Code Signing CA
- expires: 2014-10-24
All that info seems to be fine.
I have my .exe file, that I want to sign with it (so when e.g. user will run it as administrator on Windows, he will be able to see the certificate info).
I found that I can use signtool.exe for it, but it always returns an error that no certificate that meets all criteria was found.
So, how to sign my program (add .cer to my .exe) using only .cer file (and all files that I can generate from that .cer file)?
I have no experience in certificates, .cer and all certificates terminology, so please take that into account while answering (I'm a simple man... ;)
So far I have installed (I think I did it in right way) .cer at the Trusted Root Certification Authorities store on your computer account, according to MSDN blog:
- Start->Run ->MMC
- File -> Add/ Remove Sanp in…
- From the "Add or Remove Snap-ins" window select "Certificates" and click at "Add >". Select "Computer Account" and then click at "Next".
- Select "Local Computer" and click at "Finish".
- Open "Trusted Root Certification Authorities" store at the left pane and click at "Certificates", shown in Figure 7. Then right click at the right window pane and select "All Task -> Import".
- Import the above .cer file that you created and install it.
I indeed see my cer at the MMC now:
Still, I don't know how to use signtool.exe in proper way. The command:
Signtool sing /v
/t http://timestamp.verisign.com/scripts/timstamp.dll
/n CER_NAME_HERE FileToSign.exe
Fails, because I don't know what is the "CER_NAME_HERE" for my certificate.
From your sample, you're not actually specifying the certificate file.
Firstly, you need to create a pfx file containing the certificate and any signing CA certificates, which you then pass with the /f option:
signtool.exe sign /f "blah.pfx" /t http://timestamp.comodoca.com/authenticode "filetosign.exe"
The /n option is only used to select a specific certificate from the certificate store.
这篇关于使用.cer文件签名.exe(signtool.exe要求的证书名称是什么?)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
