Kas Ob.

Registered since: 3 Sep 2023
353 posts
 
#3

Re: Code signing with .crt files

16 Sep 2024, 16:54
At the time, the certificate vendor (ssl2buy) recommended that I create it using the following website: https://www.sslshopper.com/ssl-converter.html
Wait! That is wrong, and never convert your certificates online under any circumstances.

How do I now tell SignTool to use this certificate?
I was expecting someone who can explain this in German, because this is like 101 for certificates and signing.

A .crt/.cer file is a certificate, that simple.
.p12 (which is practically also .pfx) is also a certificate, same as .crt, but encrypted and most likely has the private key!

Now, to sign, meaning to make a signature, you need a private key, and that is it, with or without a certificate. For a digital signature for Microsoft Authenticode, you need the certificate along with the private key.

The certificates you received are the plain ones with the chain of trust (the root and CAs; in your case there is only one CA).

Now the question is, and this is what you should have asked: where is my private key?
The quick answer is: I don't know, and I can't say!

However, I can say this:
Either it is attached to PKCS11, meaning it will need a hardware token/USB, or it is simply already imported in your OS store, or you used a (the specific) browser to receive the certificate and the key was imported in that store, as is the case with Firefox (I use the portable version of Firefox ESR, https://portableapps.com/apps/intern...x-portable-esr, to handle my online certified presence and certificates).

Anyway, if you have a hardware token, then I believe others here would be more helpful. In case you can open your OS store and check if that certificate is imported in Personal and there is a private key, then you can use SignTool, but first I want to point out that the private key from the OS certificate store might be exportable!
If they were imported at first with the exportable flag, then you can export it and build/convert your crt and the key into either pfx or p12, but if it is non-exportable then you are limited to using it on your device (account!!) as a user.
In case it is non-exportable, you use
Code:
#signtool.exe sign /f MeinName.p12 /p MeinPasswort /du https://www.MeineWebseite.de /t "http://timestamp.digicert.com" $p
signtool.exe sign /a /n "ISSUED_TO_FIELD" /du https://www.MeineWebseite.de /t "http://timestamp.digicert.com" $p
where ISSUED_TO_FIELD is from the certificate and will be shown in the store, while "/a" will select the certificate automatically.

Hope that helps, and as I said, someone with German might explain this in a cleaner way.
Kas
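
The store check described in the post above, as an added PowerShell example that is not part of the original post: it lists the code-signing certificates in the current user's Personal store and reports whether a private key is attached, which provider holds it, and its export policy. The function name Get-CodeSigningKeyInfo is hypothetical, and the script assumes Windows PowerShell 5.1 with .NET Framework 4.6.1 or later (or PowerShell 7 on Windows).

```powershell
# Added example (not from the original post). Function name is hypothetical.
function Get-CodeSigningKeyInfo {
    param([string]$StorePath = 'Cert:\CurrentUser\My')   # the "Personal" store

    $rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
    $ecExt  = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]

    foreach ($cert in Get-ChildItem -Path $StorePath -CodeSigningCert) {
        $info = [ordered]@{
            IssuedTo      = $cert.GetNameInfo('SimpleName', $false)  # candidate for signtool /n
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            Provider      = $null
            ExportPolicy  = $null
        }
        if ($cert.HasPrivateKey) {
            try {
                $key = $rsaExt::GetRSAPrivateKey($cert)
                if ($null -eq $key) { $key = $ecExt::GetECDsaPrivateKey($cert) }

                if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                    # Legacy CryptoAPI (CSP) key
                    $csp = $key.CspKeyContainerInfo
                    $info.Provider     = $csp.ProviderName
                    $info.ExportPolicy = if ($csp.Exportable) { 'AllowExport' } else { 'None' }
                    if ($csp.HardwareDevice) { $info.Provider += ' (hardware)' }
                }
                elseif ($null -ne $key -and $null -ne $key.Key) {
                    # CNG key (RSACng / ECDsaCng): .Key is a CngKey
                    $info.Provider     = $key.Key.Provider.Provider
                    $info.ExportPolicy = $key.Key.ExportPolicy.ToString()
                }
            }
            catch {
                # A key reference exists but the key cannot be opened
                # (for example, the token holding it is not plugged in).
                $info.Provider = "unavailable: $($_.Exception.Message)"
            }
        }
        [pscustomobject]$info
    }
}

Get-CodeSigningKeyInfo | Format-List
```

An ExportPolicy of None means the key can only be used in place from that account, which is the case the `/a /n` command line in the post covers.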