According to this guide I tried to create a certificate for signing PowerShell scripts:
The following error occurs:
I used OpenSSL v1.1.0c. Every other guide I found creates certificates that are not usable for code signing.
Mar 30, 2015 Manually Generate a Certificate Signing Request (CSR) Using OpenSSL. OpenSSL is an open-source implementation of SSL/TLS used on approximately two-thirds of servers on the internet. Although many other methods exist to perform these steps on an Apache server, OpenSSL is the industry standard. For more information on OpenSSL.
AntineutrinoAntineutrino
1 Answer
There is no need in OpenSSL on Windows. On Windows 7, you can use my own PowerShell script I published on TechNet Script Gallery: Self-signed certificate generator (PowerShell). The usage can be something like this:
(very first example).
Starting with Windows 8, you can use built-in certreq.exe tool to generate the certificate. Create INF file with cert configuration, for example:
and then run the following command:
This will generate and install the certificate to current user's certificate store.
Starting with Windows 10, you can use built-in PowerShell cmdlet as follows:
However, self-signed certificate usage for code signing in production environments is dsicouraged. You should use them in test environments only.
For private usage (within organization only), you should check if company already owns PKI infrastructure and contact appropriate personnel to receive company-approved code signing certificate.
For public scripts (you are going to distribute along with software packages, or deliver scripts to your customers), I would suggest to purchase code signing from globally trusted commercial CA provider.
Crypt32Crypt32
Not the answer you're looking for? Browse other questions tagged windowspowershellopensslcertificate or ask your own question.
We use certificate to sign ActiveX in our product. Usually client sent me spc and pvk files and password for private key. I used spc and pvk files to generate pfx file and sign ActiveX using this pfx file.
Previous certificate will be expired soon and client sent me the new certificate. But now he sent me keystore file and email with certificates in BASE64 format. There are following entries in email:
I did next steps to create pfx file:
Is it correct approach? To many steps as for me. Is there much shortest path to generate pfx file?
What should I do with 'Code Signing certificate' from email?
Volodymyr Bezuglyy
Volodymyr BezuglyyVolodymyr Bezuglyy
2 Answers
This is the correct path, especially if you have to export the certificate from a Java keystore.
I had a similar problem, having to convert a Java certificate to pfx and have found great inspiration from your question.
Marcel PiquetMarcel Piquet
If you want to shorten the process, you can skip step 3, as pvk2pfx accepts a .cer format as an alternative to .spc.
RoryRory
Not the answer you're looking for? Browse other questions tagged opensslcertificatekeystorekeytoolpfx or ask your own question.