我有代码签名证书,他们只有X.cer个文件
当我需要签署我的.exe时,我需要一个PFX文件,我需要两个文件A.key和B.crt
Q值。如何从X.cer文件,A.key和B.crt制作?这样我才能开始第1步?
第1步:
$ openssl pkcs12 -inkey A.key -in B.crt -export -out GOAL.pfx
第2步:
signtool sign /debug /f GOAL.pfx /p MyPassword MyFile.exe
or
signtool sign /debug /n "My Company Certificate" MyFile.exe
编辑:仍然混淆了如何制作A.key文件?
openssl pkcs12 -export -in X.cer -inkey A.key -out GOAL.pfx -certfile ??.cer
or
openssl pkcs12 -export -in X.cer -inkey A.key -out GOAL.pfx
-in指定要嵌入输出文件的输入证书(代码签名官方文件)
-inkey指定您使用OpenSSL生成的密钥文件(??????? how ?????)
-out告诉openssl输出文件所需的名称(PFX文件)
-certfile用于指定要添加到输出pfx文件(可以忽略)的其他证书可选。
答案 0 :(得分:0)
注意:许多专家认为并完全忽略了#34;您没有关键文件",请注意,这是正常的,许多供应商不会要求他们自己制作的KEY文件all并仅提供PFX或CER文件。结果就像我的情况一样令人困惑。
1)创建A.key
$ openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
Generating a 2048 bit RSA private key
...............+++
....................+++
writing new private key to 'privateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:Oost-Vlanderen
Locality Name (eg, city) []:Dendermonde
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TEST
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:NAME of DEVLOPER
Email Address []:email@domain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$ ls
CSR.csr privateKey.key
2)让B.crt重命名X.cer
3)最后应用
openssl pkcs12 -export -in X.cer -inkey A.key -out GOAL.pfx
编辑: 最后完成,我还没有KEY文件。供应商给了我PFX文件
C:\Program Files (x86)\Windows Kits\8.0\bin\x86>signtool.exe sign /debug /f C:\Users\sun\Downloads\s.pfx /p 1234password C:\Users\sun\Downloads\IeAddOnDemo\IeAddOnDemo\bin\Debug\IeAddOnDemo.dll
The following certificates were considered:
Issued to: xxxxN.V./S.A.
Issued by: GlobalSign CodeSigning CA - SHA256 - G2
Expires: Wed Apr 08 18:13:59 2015
SHA1 hash: xxxxx
Issued to: GlobalSign CodeSigning CA - SHA256 - G2
Issued by: GlobalSign
Expires: Fri Aug 02 12:00:00 2019
SHA1 hash: xxxxxx
After EKU filter, 2 certs were left.
After expiry filter, 2 certs were left.
After Private Key filter, 1 certs were left.
The following certificate was selected:
Issued to: xxxN.V./S.A.
Issued by: GlobalSign CodeSigning CA - SHA256 - G2
Expires: Wed Apr 08 18:13:59 2015
SHA1 hash: xxx
The following additional certificates will be attached:
Issued to: GlobalSign CodeSigning CA - SHA256 - G2
Issued by: GlobalSign
Expires: Fri Aug 02 12:00:00 2019
SHA1 hash: xxxx
Done Adding Additional Store
Successfully signed: C:\Users\sun\Downloads\IeAddOnDemo\IeAddOnDemo\bin\Debug\IeAddOnDemo.dll
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0