Tuesday, September 19, 2006

Getting the .spc and .pvk files for Code Signed certificate

Getting code signed
Something that has bothered me for a while is the hassle in putting together all the pieces to sign my download files. I finally got around to looking it all up, and it isn't easy as you have to piece all the things together. I hope that this will give you an insight into how it can really work, since I managed to actually achieve what I wanted and sign my code. This article is a list of the steps I had to take, and you will probably need to review the commands yourself if you have problems.

The process
Get a certificate from http://www.ascertia.com/onlineCA/Issuer/CerIssue.aspx who will do a free code signing certificate. Obviously any alternative is good, but this will prove the concept for you, and you can go buy another from them or elsewhere later. The email address is included in the certificate, so use a sensible one you are happy for the world to see. Accept the installation of the certificate into the browser as it won't be emailed even though they say it will. Make sure you chose exportable.

Then get the Microsoft code signing stuff (codesigningx86.exe) from the MSDN web site (google will find its current location).

Use the certmgr to view your certificate and export it. Export it as a certificate (.cer file), and with the key (.pvk) file.

Use cert2spc to convert the cer file into an spc file. That's the first half of the process done. Now you need a key file compatible with the signcode application.

From http://support.globalsign.net/en/objectsign/transform.cfm:

How to transform your certificate to a pvk + spc combination.

Export your certificate to a pfx file (be sure to check "Include all certificates in the certification path if possible"). (The latter will help ensure it is accepted by more systems.

Install openssl. You can find compiled binaries on www.openssl.org (but get the Windows build from http://www.shininglightpro.com/ http://www.shininglightpro.com/download/Win32OpenSSL-v0.9.7d.exe)

Extract your private key from the pfx file.

->openssl pkcs12 -in -nocerts -nodes -out

The pfx password will be asked.

Download the pvk transform utility. This file can be found at http://support.globalsign.net/en/objectsign/PVK.zip.

-> pvk -in -topvk -out

Extract your certificates from the pfx file.

openssl pkcs12 -in -nokeys -out

The pfx password will be asked.

Transform your pem file to a spc file

->openssl crl2pkcs7 -nocrl -certfile -outform DER -out

Tuesday, September 05, 2006

ESX Server Guest OS NIC 10MB Only

If your guest OS on ESX Server is only using 10 MB NIC, install the VMWare tools and change the network driver to vmxnet from your ESX Management console

Monday, September 04, 2006

MCSE - Finally

I have passed my last elective exam: 70-284 with score 820.
This is it. I am officially a Microsoft Certifiied System Engineer!! what a relief!! After 7 exams.

I might do the 70-285 to get the MCSE+messaging and Citrix or SQL2005 after that :)

(or Checkpoint or CCNP or Ethical hacker)?