Question on makecert, signcode, chktrust

TheMSsForum.com: The Microsoft Software Forum

I'm new to certificates but I've tried the prescribed steps without success.
With a simple .Net exe I've done this to use a test certificate:

- makecert -sk "ABC" -n "CN=ABC CORP" abc.cer

- signcode using UI to specify
- abc.exe
- Custom signing
- select-from-file the abc.cer file
- Private key in a CSP, specifying ABC
- sha1 hash algorithm
- specify "Abc Corp" as description, www.abccorp.com as the URL

- setreg 1 true

It says it all worked, and my abc.exe is bigger than it was. But when I
then do ChkTrust abc.exe the message box it brings up says it's untrusted.

Back in signcode there's a place to View Certificate. It says "Cannot be
verified up to a trusted certification authority". . If I look at the
Certification Path is shows "Root Agency" as parent of "Abc Corp". "Abc
Corp" says certificate OK. Root Agency says "This CA Root certificate is
not trusted because it is not in the Trusted Root Certification Authorities
store.". If I click on Install Certificate.. to run the Cert Import wizard,
nothing changes

So is there some other simple step I've not heard about to get test certs,
or even just signcode/chktrust, to really work?

--

Tim Johnson
High Point Software, Inc.
www.high-point.com
(503) 312-8625
Top

Re: Question on makecert, signcode, chktrust by Tim

Tim
Wed Nov 09 12:01:51 CST 2005

Addendum - I'd been using signcode from VS2003 bin directory because it
didn't seem to be in VS2005. I now see it's been renamed "signtool", and
also replaces the ChkTrust utility with the new "verify" option. So I reran
makecert, then signtool in signwizard mode, then ran signtool verify /a
<filename> and got this message:

SignTool Error: WinVerifyTrust returned error: 0x800B010D
The certification path terminates with the test root which is not
trusted with the current policy settings.
SignTool Error: File not valid: MyApp.exe

Isn't "setreg 1 true" supposed to eliminate this not-trusted error? What am
I missing?
--

Tim Johnson
High Point Software, Inc.
www.high-point.com
(503) 312-8625


"Tim Johnson" <tjohnson@high-point.com> wrote in message
news:ec9sHzN5FHA.268@TK2MSFTNGP10.phx.gbl...
> I'm new to certificates but I've tried the prescribed steps without
> success. With a simple .Net exe I've done this to use a test certificate:
>
> - makecert -sk "ABC" -n "CN=ABC CORP" abc.cer
>
> - signcode using UI to specify
> - abc.exe
> - Custom signing
> - select-from-file the abc.cer file
> - Private key in a CSP, specifying ABC
> - sha1 hash algorithm
> - specify "Abc Corp" as description, www.abccorp.com as the URL
>
> - setreg 1 true
>
> It says it all worked, and my abc.exe is bigger than it was. But when I
> then do ChkTrust abc.exe the message box it brings up says it's untrusted.
>
> Back in signcode there's a place to View Certificate. It says "Cannot be
> verified up to a trusted certification authority". . If I look at the
> Certification Path is shows "Root Agency" as parent of "Abc Corp". "Abc
> Corp" says certificate OK. Root Agency says "This CA Root certificate is
> not trusted because it is not in the Trusted Root Certification
> Authorities store.". If I click on Install Certificate.. to run the Cert
> Import wizard, nothing changes
>
> So is there some other simple step I've not heard about to get test certs,
> or even just signcode/chktrust, to really work?
>
> --
>
> Tim Johnson
> High Point Software, Inc.
> www.high-point.com
> (503) 312-8625
>
>
>


Top