Ted Yuan's blog

package an active x control

package a dll with inf to CAB file, and sign the cab

1. Create CAB file
cabarc -s 6144 N ViewHtml.cab ViewHtml.dll ViewHtml.inf

2. sign the cab (generate the root certificate for LocalMachine and its private key .pvk file, sign the cab, import root certificate ti MMC/IE)

(see

http://blogs.technet.com/jhoward/archive/2005/02/02/365323.aspx)

2.1 create root cer (enter 123456 in password pop up dialog), generate pvk file for the later signcode step

makecert -pe -n "CN=Test And Dev Root Authority" -sv root.pvk -ss my -sr LocalMachine -a sha1 -sky signature -r "Test And Dev Root Authority.cer"

(!--do not need this cert for active x deploy -
use root cert to create another cer for exchange purpose

makecert -pe -n "CN=your_host.company.com" -sv borrowroot.pvk -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Test And Dev Root Authority" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 your_host.company.cer
--)

2.2 use start->run->mmc, file/add/remove snap-ins, select certificates, click close, click ok, see it in the personal/certificate section, copy it over to Trusted Root Certificate Authorities/certificates section

2.3 genaret the software publisher's certificate

Cert2SPC "Test And Dev Root Authority.cer" Cert.spc

2.4 run signcode (or signtool) to sign the cab

"C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Bin"\SignCode -spc Cert.spc -v root.pvk -n "My control description" -i "http://www.yahoo.com" -t http://timestamp.verisign.com/scripts/timstamp.dll ViewHtml.cab

on other test machines, import the Test And Dev Root Authority.cer to the TRusted Root Certificate Authorities to allow installation

------> resources

http://msdn.microsoft.com/library/default.asp?url=/workshop/components/active...

signing cab

http://msdn.microsoft.com/workshop/security/authcode/signing.asp

File signing tool (Signcode.exe) fails when you use the "-$ Commercial" option,

Error: The certificate does not have the correct signing authority.
Error: Signing Failed. Result = 80028ca0, (-2147316576)

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B822501

for java code: http://support.microsoft.com/kb/q193877/

Vista Protected Mode

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dn...

2006-10-24 23:15:24 GMT

Site Home



		What's happening

		package an active x control package a dll with inf to CAB file, and sign the cab 1. Create CAB file cabarc -s 6144 N ViewHtml.cab ViewHtml.dll ViewHtml.inf 2. sign the cab (generate the root certificate for LocalMachine and its private key .pvk file, sign the cab, import root certificate ti MMC/IE) (see http://blogs.technet.com/jhoward/archive/2005/02/02/365323.aspx) 2.1 create root cer (enter 123456 in password pop up dialog), generate pvk file for the later signcode step makecert -pe -n "CN=Test And Dev Root Authority" -sv root.pvk -ss my -sr LocalMachine -a sha1 -sky signature -r "Test And Dev Root Authority.cer" (!--do not need this cert for active x deploy - use root cert to create another cer for exchange purpose makecert -pe -n "CN=your_host.company.com" -sv borrowroot.pvk -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Test And Dev Root Authority" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 your_host.company.cer --) 2.2 use start->run->mmc, file/add/remove snap-ins, select certificates, click close, click ok, see it in the personal/certificate section, copy it over to Trusted Root Certificate Authorities/certificates section 2.3 genaret the software publisher's certificate Cert2SPC "Test And Dev Root Authority.cer" Cert.spc 2.4 run signcode (or signtool) to sign the cab "C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Bin"\SignCode -spc Cert.spc -v root.pvk -n "My control description" -i "http://www.yahoo.com" -t http://timestamp.verisign.com/scripts/timstamp.dll ViewHtml.cab on other test machines, import the Test And Dev Root Authority.cer to the TRusted Root Certificate Authorities to allow installation ------> resources http://msdn.microsoft.com/library/default.asp?url=/workshop/components/active... signing cab http://msdn.microsoft.com/workshop/security/authcode/signing.asp File signing tool (Signcode.exe) fails when you use the "-$ Commercial" option, Error: The certificate does not have the correct signing authority. Error: Signing Failed. Result = 80028ca0, (-2147316576) http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B822501 for java code: http://support.microsoft.com/kb/q193877/ Vista Protected Mode http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dn... 2006-10-24 23:15:24 GMT Site Home