signing an applet for IE

Posted on 2000-05-17
Medium Priority
Last Modified: 2010-05-18
Hi out there!
I got an question to signing the cab file. All the Files are in the bin directory of the sdk40. I wrote the following linies, everything's ok.
makecert -sk mykeyname -n "CN=my name" mytestcert.cer
cabarc myapplet.cab n  *.class + *.htm
cert2spc mytestcert.cer mytestcert.spc
signcode -j javasign.dll -jp print.ini myapplet.cab
 After this the error "There is no valid certificate in the my cert store " appears with "signing failed. Result = 8009200c, (-2146885620)" as error code. But that is only the thing that every manual tells me to do if i want an signed cab file to run my applet. In the print.ini is only one linie :

I allready was on www.suitable.com/... and the other sites I found.
Question by:Randal_Flagg

Accepted Solution

yatest5 earned 300 total points
ID: 2816977
I followed the stuff on http://www.suitable.com/Doc_CodeSigning.shtml and it all worked OK.

Here are my steps anyway.

1.  Make test certificate

makecert /sv "mykey.pvk" /n "CN=a name" mykey.cer

2.  Make .spc file

cert2spc mykey.cer mykey.spc

3.  tell IE to accept test root

setreg 1 TRUE

4.  Put all classes in a directory

5.  Call cabsign file as

cabsign dirname "mainfile" "low"

running in the directory immediately above the one with your classes in in the tree.

The cabsign thing is off the web site above and does all the stuff for you once you change the internal references to the .cer and .spc files.

I will replicate it below.  Copy it out and save it as cabsign.bat - then change the SET CERT FILE and SET KEY FILE links.  It then does all of the other stuff for you.

But, if you have any problems, I followed the instructions on the URL above and it worked fine, and what you have told me hasn't done that, copy the .bat files off the site such as the one below - it does work.

Good luck,


REM This batch file creates and signs a .cab file. The first argument should be the
REM name of the directory of files to be put into the cabinet (NO terminating "\",
REM please!) The second argument should be the formal name of the
REM applet. The third argument should be low, medium or high (generally low).
REM Note: you should be in the directory containing the directory of
REM files to be CABbbed/signed when you run this.

REM I'll set up a couple of variables to make things more readable. You'll need to
REM edit these values to match your setup. If you get an error such as
REM "Out of environment space" then you'll have to increase your environment space.
REM (Boy, do I love DOS.)

REM This is the location of the digital ID certificate file (.spc). For convenience,
REM I put mine in the same directory as my Navigator ID database.
SET CERT_FILE="g:\codesigning\teleca.spc"

REM This is the location of the digital ID private key file (.pvk).
SET KEY_FILE="g:\codesigning\teleca.pvk"

REM First, create the CAB file. The arguments here are:
REM    -r        Recurse into subdirectories
REM    -p        Preserve path names
REM    -P [arg]  Strip the argument (here "%1\") from the beginning of each path
REM    N  [arg]  Create the given named .cab file
REM    [rest]    Put these files (here "%1\*.*") into the .cab file
REM Note! this does NOT use the -s option to reserve space for the signature;
REM the latest version of signcode (from the Java SDK 2.01) doesn't need this.
ECHO *********** About to create .cab archive using cabarc ***********
cabarc -r -p -P %1\ N %1.cab %1\*.*

REM Next, sign the code. Arguments are:
REM    -j javasign.dll    This provides the tools to do Java permission levels
REM    -jp  [arg]         The permission level to be used
REM    -spc [arg]         Software publishing certificate file
REM    -v   [arg]         Private key file
REM    -n   [arg]         Nice name of archive (shown in digital ID dialog)
REM    [arg]              Archive file to be signed (here "%1.cab")
ECHO *********** About to sign archive using signcode ***********
signcode -j javasign.dll -jp %3 -spc %CERT_FILE% -v %KEY_FILE% -n %2 %1.cab

REM Finally, timestamp the code. (I put this in a separate command to make each
REM command simpler.) NOTE! for this to work you must have an Internet
REM connection up and running. Arguments are:
REM    -x                 Timestamp the archive; do not sign it (it's already done)
REM    -t   [arg]         The timestamp server's HTTP address (here it's VeriSign)
REM    -tr  [arg]         The number of times to try timestamping before giving up
REM    [arg]              Archive file to be timestamped (here "%1.cab")
ECHO *********** About to timestamp .cab archive using signcode ***********
signcode -x -t http://timestamp.verisign.com/scripts/timstamp.dll -tr 5 %1.cab

REM Punt the various environment variables

ECHO *********** Done timestamping .cab archive ***********


Author Comment

ID: 2824842
Very good answer.But I still have the problem when I use the spc and v Options, the compiler points me to use that option. So that thing doesnot work. I tried also tried some different settings.

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.
Suggested Courses

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question