thnx kyle...i modified my openssl and tried creating other certificate.i changed the line CA:FALSE to CA:TRUE...i thnk thtz gonna work for me :) n ya...nw, m gettng a CA to sign my certificate.so i thnk tht the security problem is no more an issue :) thnx 4 ur help pal :)
On Mon, Feb 23, 2009 at 12:50 PM, Kyle Hamilton <[email protected]> wrote: > There are two major things necessary to create a code-signing key. > > First, your certificate needs to be signed by a CA which you have > accepted to sign code. This is part of the Windows certificate > management interface, and is not discussed here. (You can import your > own self-signed certificate for it, but there are many reasons why > it's better to have a CA than to import your end-use certificate into > the root store.) > > Second, your certificate needs to specifically include the > "code-signing" OID (1.3.6.1.5.5.7.3.3) in the extendedKeyUsage > extension. > > This requires a modification to your openssl.cnf file, and I don't > remember the syntax for it off-hand. > > Also, I'd recommend you not use the "v3_ca" extensions section. Copy > it to something else with some other name, and remove the part that > puts the "CA:true" bit into the certificate. > > -Kyle H > > On Sun, Feb 22, 2009 at 10:59 PM, shalin mishra > <[email protected]> wrote: > > hi...i created a certificate for my own use to try signing binaries...i > get > > a security warning when i verify my file through a cpp code.but when i > > verify winword.exe, i gives a successful output... > > > > i m using openssl (version openssl-0.9.8h-1-doc) to create > > certificates...following are the commands by which i created my > > certificate... > > > > //to create .pvk key file > > > > openssl genrsa -des3 -out my.pvk > > > > //to generate self signed certificate > > > > openssl req -new -key my.pvk -x509 -out my.crt -extensions v3_ca -config > > openssl.cnf > > > > //to generate .pfx file > > > > openssl pkcs12 -export -in my.crt -inkey my.pvk -passout pass:my -out > my.pfx > > > > i think i am missng something in the command for creating > certificates.can > > someone plz help me??? if you require any more information regarding the > > process then plz tell me... > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [email protected] >
