[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 812
  • Last Modified:

signing an applet for IE

Hi out there!
I got an question to signing the cab file. All the Files are in the bin directory of the sdk40. I wrote the following linies, everything's ok.
makecert -sk mykeyname -n "CN=my name" mytestcert.cer
cabarc myapplet.cab n  *.class + *.htm
cert2spc mytestcert.cer mytestcert.spc
signcode -j javasign.dll -jp print.ini myapplet.cab
 After this the error "There is no valid certificate in the my cert store " appears with "signing failed. Result = 8009200c, (-2146885620)" as error code. But that is only the thing that every manual tells me to do if i want an signed cab file to run my applet. In the print.ini is only one linie :

I allready was on www.suitable.com/... and the other sites I found.
1 Solution
I followed the stuff on http://www.suitable.com/Doc_CodeSigning.shtml and it all worked OK.

Here are my steps anyway.

1.  Make test certificate

makecert /sv "mykey.pvk" /n "CN=a name" mykey.cer

2.  Make .spc file

cert2spc mykey.cer mykey.spc

3.  tell IE to accept test root

setreg 1 TRUE

4.  Put all classes in a directory

5.  Call cabsign file as

cabsign dirname "mainfile" "low"

running in the directory immediately above the one with your classes in in the tree.

The cabsign thing is off the web site above and does all the stuff for you once you change the internal references to the .cer and .spc files.

I will replicate it below.  Copy it out and save it as cabsign.bat - then change the SET CERT FILE and SET KEY FILE links.  It then does all of the other stuff for you.

But, if you have any problems, I followed the instructions on the URL above and it worked fine, and what you have told me hasn't done that, copy the .bat files off the site such as the one below - it does work.

Good luck,


REM This batch file creates and signs a .cab file. The first argument should be the
REM name of the directory of files to be put into the cabinet (NO terminating "\",
REM please!) The second argument should be the formal name of the
REM applet. The third argument should be low, medium or high (generally low).
REM Note: you should be in the directory containing the directory of
REM files to be CABbbed/signed when you run this.

REM I'll set up a couple of variables to make things more readable. You'll need to
REM edit these values to match your setup. If you get an error such as
REM "Out of environment space" then you'll have to increase your environment space.
REM (Boy, do I love DOS.)

REM This is the location of the digital ID certificate file (.spc). For convenience,
REM I put mine in the same directory as my Navigator ID database.
SET CERT_FILE="g:\codesigning\teleca.spc"

REM This is the location of the digital ID private key file (.pvk).
SET KEY_FILE="g:\codesigning\teleca.pvk"

REM First, create the CAB file. The arguments here are:
REM    -r        Recurse into subdirectories
REM    -p        Preserve path names
REM    -P [arg]  Strip the argument (here "%1\") from the beginning of each path
REM    N  [arg]  Create the given named .cab file
REM    [rest]    Put these files (here "%1\*.*") into the .cab file
REM Note! this does NOT use the -s option to reserve space for the signature;
REM the latest version of signcode (from the Java SDK 2.01) doesn't need this.
ECHO *********** About to create .cab archive using cabarc ***********
cabarc -r -p -P %1\ N %1.cab %1\*.*

REM Next, sign the code. Arguments are:
REM    -j javasign.dll    This provides the tools to do Java permission levels
REM    -jp  [arg]         The permission level to be used
REM    -spc [arg]         Software publishing certificate file
REM    -v   [arg]         Private key file
REM    -n   [arg]         Nice name of archive (shown in digital ID dialog)
REM    [arg]              Archive file to be signed (here "%1.cab")
ECHO *********** About to sign archive using signcode ***********
signcode -j javasign.dll -jp %3 -spc %CERT_FILE% -v %KEY_FILE% -n %2 %1.cab

REM Finally, timestamp the code. (I put this in a separate command to make each
REM command simpler.) NOTE! for this to work you must have an Internet
REM connection up and running. Arguments are:
REM    -x                 Timestamp the archive; do not sign it (it's already done)
REM    -t   [arg]         The timestamp server's HTTP address (here it's VeriSign)
REM    -tr  [arg]         The number of times to try timestamping before giving up
REM    [arg]              Archive file to be timestamped (here "%1.cab")
ECHO *********** About to timestamp .cab archive using signcode ***********
signcode -x -t http://timestamp.verisign.com/scripts/timstamp.dll -tr 5 %1.cab

REM Punt the various environment variables

ECHO *********** Done timestamping .cab archive ***********

Randal_FlaggAuthor Commented:
Very good answer.But I still have the problem when I use the spc and v Options, the compiler points me to use that option. So that thing doesnot work. I tried also tried some different settings.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now