davinder101

the certificate in the signature cannot be verified?

"the certificate in the signature cannot be verified": what exactly does this mean?
PowerIT

The usual reasons for a signature verification failure are:
- The certificate is not signed for the specified server/URL
- The certificate is overdue
- The certificate has been revoked
- The certificate has not been signed for the meant purpose
- The certificate is published by an unknown/unlisted CA or is self-signed

J.
davinder101

ASKER

Ya, I self-signed the certificate, but now I need to run that application on another PC, but there it's showing the error "the certificate in the signature cannot be verified". How can I make that certificate verified on the other PC?
Start/run certmgr.msc and import it to the personal/certificates (right click, choose All Tasks/Import)

J.
That's fine, but is there any registry setting or something like that which I can do to make my application run on the other PC without running any wizard from that other computer to make my certificate verified?
No, PKI and certificates are much more complex than just a registry setting.
What you could do is use a script or build the import into your application.
Just google for some examples.

J.
I have already done lots of research work on this and I am finding the same thing. That is, to deal with those paid third-party certificate providers (such as Thawte, VeriSign etc.). They will give the certification, and only then will I be able to run my program on the other system. But for these demo projects I am not willing to pay them. Can you help me by referring me to those sites where I can find those articles regarding import code or script for my application?
First of all: if you import the certificate manually, is your problem solved by just importing it in the personal folder or do you also have to import it in another one like Trusted Root, Trusted Publishers or Third-Party Root?

J.
Sorry for the late reply, but my problem is still with me. See, I made an application in Vista with VC++ 2005.
Then I self-signed that application through some commands in the command prompt. If you want I can provide you with those commands. It worked on that system. It was showing "the digital signature is OK". Everything was perfect.
Then I brought that application to XP; there it's showing "the certificate in the signature is not verified". Then, as you said, I imported the .pfx file manually in the personal folder, then in trusted root and in trusted publisher.
But the problem is still the same. Am I wrong somewhere? I just want my application to run perfectly on every OS. Please help me out.
For a self signed certificate, importing it to the trusted root should suffice.
Can you verify in certmgr if the self signed application certificate is really there?

J.
BTW, can you post how you made the self-signed cert?

J.
Ya,
here I am showing you the procedure which I followed for making a self-signed certificate for my application. I got this from one of the links, which I don't remember now:
How to create and use code signing certificate on Vista computer (for testing purposes).

1.       Create self-signed root certificate (MyRootCA), use MYPASSWORD1 as a password (you will type it 3 times).

makecert -n "CN=MyName Software  Root Certificate Authority" -r -a sha1 -sv MyRootCA.pvk MyRootCA.cer -sr LocalMachine -ss MyName -sky signature

2.       Create child certificate (MyCodeSigningCA) for code signing, create MYPASSWORD2 as password for new certificate and when you are asked for Issuer Signature, type MYPASSWORD1.

makecert -sv MyCodeSigningCA.pvk -iv MyRootCA.pvk -n "CN=MyName Software Code Signing CA" -ic MyRootCA.cer MyCodeSigningCA.cer

3.       Create PFX key (use the password MYPASSWORD2).

pvk2pfx.exe -pvk MyCodeSigningCA.pvk -spc MyCodeSigningCA.cer -pfx MyCodeSigningCA.pfx -po MYPASSWORD2

4.       Optional step.

cert2spc.exe MyCodeSigningCA.cer MyCodeSigningCA.spc

5.       Use your PFX key to sign Test1.exe program.

signtool sign /f MyCodeSigningCA.pfx /p MYPASSWORD2 /v /t http://timestamp.verisign.com/scripts/timestamp.dll Test1.exe

6.       Install MyRootCA.cer  root certificate on Vista computer to LOCAL MACHINE store using Certificates MMC snap-in:

 

a)      Run MMC.EXE on Vista computer (Start, Start Search, type mmc.exe, press Enter). MMC console window appears.

b)      Choose File, Add/Remove Snap-in menu command,  the list of snap-ins appears, choose Certificates, choose Add command. The Certificates snap-in dialog appears, choose [x]Computer account radio button.  Select computer dialog appears, choose Local computer.

c)       The Certificates (Local computer) snap-in node appears in MMC left window.

Select Certificates (Local computer) - Trusted Root Certification Authorities - Certificates node.

Choose All Tasks - Import... context menu command on Certificates node.

d)      Import your MyRootCA.cer certificate.

MyName Software  Root Certificate Authority will appear in the Trusted Root Certification Authorities certificates list, in Issued To and Issued By columns.

e)      Close MMC.

Run Test1.exe. Vista should detect the publisher of this EXE file as MyName Software Code Signing CA.

AND IT WORKED, BUT ONLY FOR THIS PC.
These operations will be carried out on the Command Prompt with Admin privilege. You also need to have the sign tool exes to perform these operations.
I'd give it a try myself to see where it can go wrong, but need the exact same configuration.
So BOTH PCs are Vista? Which editions?


J.
No, the system on which I made that certificate is Vista Ultimate (activated) 32-bit, and the other system is Windows XP. Actually it has nothing to do with the configuration, I think, because I tried this same application on the same configuration of Vista on another PC, and there also it was showing the same problem.
As I suppose, the problem is related to import and export of some keys?
I don't have the Vista SDK installed on my PC. Will that be creating any problem for me? Thanks for the link. I am trying to see if that works. But I have those sign code exes with me, which I downloaded from a site. If these work I will let you know.
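
Added example, not part of the original thread or any poster's code: a PowerShell sketch of the scripted import suggested earlier in the thread, applied to the file names from the six-step procedure (MyRootCA.cer, Test1.exe). It assumes an elevated prompt on a Windows version that ships the PKI module's Import-Certificate cmdlet; the parameter names and paths are placeholders.

```powershell
# Added example: trust the test root on a target PC, then check how the
# signed EXE's chain resolves. Run from an elevated PowerShell prompt.
param(
    [string]$RootCer   = '.\MyRootCA.cer',  # public root certificate only
    [string]$SignedExe = '.\Test1.exe'
)

$rootPath = (Resolve-Path $RootCer).Path
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $rootPath

# A root CA certificate is self-issued; refuse anything else.
if ($root.Subject -ne $root.Issuer) {
    throw "$RootCer is not a self-signed root (issuer: $($root.Issuer))"
}

# Import into the machine-wide Trusted Root store only if not already present.
$storePath = 'Cert:\LocalMachine\Root'
if (-not (Test-Path "$storePath\$($root.Thumbprint)")) {
    Import-Certificate -FilePath $rootPath -CertStoreLocation $storePath | Out-Null
}

# Read the Authenticode signature and rebuild the signer's chain locally.
$sig = Get-AuthenticodeSignature -FilePath $SignedExe
if ($null -eq $sig.SignerCertificate) {
    throw "$SignedExe carries no Authenticode signature"
}

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # a makecert test CA publishes no CRL
$chainOk   = $chain.Build($sig.SignerCertificate)
$chainRoot = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Report what Windows sees: signature status, signer, and which root the chain ends at.
[pscustomobject]@{
    File            = $SignedExe
    SignatureStatus = $sig.Status
    StatusMessage   = $sig.StatusMessage
    Signer          = $sig.SignerCertificate.Subject
    ChainBuilds     = $chainOk
    ChainRoot       = $chainRoot.Subject
    RootMatches     = ($chainRoot.Thumbprint -eq $root.Thumbprint)
    ChainErrors     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

Only MyRootCA.cer needs to travel to the target PC; the .pvk and .pfx files hold private keys and stay on the signing machine. A root placed in Trusted Root Certification Authorities is trusted for everything its key signs, so remove it from test machines once the demo is done.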