Solved

self-signed certificate problem

Posted on 2003-12-09
6
1,952 Views
Last Modified: 2007-12-19
I have made a self-signed certificate, transformed the certificate to Software Publisher Certificate and signed my cab file.

After I installed the certificate in "Trusted Root Certification Authorities" everything works as expected. That is, when I browse to the page on the remote site where I have placed the page and the cab file a security warning appear, "Do you want to install and run..", when I answer yes all files is extracted and my activex control shows in the browser.

The problem is that it does not work on other computers - even if I install the certificate in "Trusted Root Certification Authorities" on the other computer. I know that the problem is not any missing files (a normal installation works with the same files).

It just will not unpack and install the files. The security warning come up but nothing happens. Is this behavior by design for self-signed certificates?
0
Comment
Question by:rolftollerud
  • 3
  • 3
6 Comments
 
LVL 58

Expert Comment

by:amit_g
ID: 9908396
There must be something else that is wrong - for example a intranet vs. internet zone. There is a difference between a self-signed and CA-signed certificate. The browser does not trust the certificate and so it treats the ActiveX being unsigned and so it does not download it for installation. In internet explorer go to Tools->Security->Custom Level and change the "Download unsigned ActiveX controls" from disable to prompt. Now the browser will ask you if it should download and tell you that the certificate is not trusted.

You can put your site in Trusted Sites and then IE will download and install it without any warning.
0
 
LVL 7

Author Comment

by:rolftollerud
ID: 9910289
Changing to "Download unsigned ActiveX controls" makes no difference. I can not put put my site in Trusted Sites because it is not SSL enabled. Anyway, why does it work on the computer where I orginally made the certificate?
The site is http://mirabit.net/miracrm/default.htm, the control contains no spam-trojans or virus of any kind.

Regards
Rolf Tollerud
0
 
LVL 58

Accepted Solution

by:
amit_g earned 500 total points
ID: 9914310
Your inf file has more entries than required. Extract the files from cab and put them in a folder. Right click on inf file and select install. This throws error. You need not put entries for files like comctl32.ocx. If you have those entries than you will have to include those ocx/dlls in your cab. Remove those entries and test the installation again. Do all this in a computer that doesn't have your components already installed. When your local install is done without any error, pack that set of inf with all dependent files and try it on the web page.

You can put any site as trusted. The default is https but you can take that option out. Please note that this is only to test. Do not put anything in trusted site unless you either own the site or know for quite sure that it is harmless.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 7

Author Comment

by:rolftollerud
ID: 9921138
ok I got it working. The issue had to do with overflow in a routine that checked the number of color on the screen. The error didn't show up on my computes that was set to 16 bit color..

I  got some good out of this anyhow. I have to pack comctl32.ocx, but not with the option "download from MS site" because I want to avoid the obligatory restart at all cost. The 6.0.81.5 version from 5/22/200 is sufficient in  99% of all cases and there is no restart.

So if you only could confirm that it works (http://www.mirabit.net/miraocx/) click on the logo in upper left corner to activate the database I will award you the points. Don't forget to unregister windows/mira.ocx.

Thank you for the help and even for dowload of an unsigned control from somebody you don't know! It is amazing really the help you got here in EE.

Regards
Rolf Tollerud
0
 
LVL 58

Expert Comment

by:amit_g
ID: 9922589
It works.

I downloaded it because I have seen you answering questions and helping other in Web Development TA. I assumed that a person helping others would not do anything to harm others :) I hope my assumption is correct.
0
 
LVL 7

Author Comment

by:rolftollerud
ID: 9924042
thank you Amit, I hope I can return the favour sometimes!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I spend far too much time on the web keeping up with the news: politics, the environment, computer stuff, the Experts Exchange. It's never-ending. But many of the most informative web pages are overwhelmed with noise: scrolling banners, flashing tex…
I recently found myself in a Corporate Situation where the client had requested blocking access to any and all websites except his own Domain? Easy? I am sure this would be your answer but their requirement was, this has to be done without using…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question