Certificate

Posted on 2006-11-07
Last Modified: 2008-01-09
I would like to sign a .cab file with an ActiveX control that will be used on a web page. Therefore, I created a certificate on Windows 2003 Server and signed the cab with the SignTool wizard.
When I try to verify the cab file, the following message appears:
SignTool Error: a certificate chain processed, but terminated in a root certificate which is not trusted by trust provider.

Any solution?

Pedja
0
Question by:pedja11
 
LVL 6

Expert Comment

by:Mnf
ID: 17896794
You have to install the issued certificate in the Trusted Root Certification Authorities.
Try these steps:
1.   Right-click the certificate file and select Open from the resulting menu. This will display the Properties dialog for the file.
2.   On the Properties dialog, click on the Install Certificate button to start the Certificate Import wizard.
3.   In the wizard, click on the Next button and then choose the Place all certificates in the following store option.
4.   Click on the Browse button to open the Select Certificate Store dialog.
5.   Check the Show physical stores check box to allow you to expand the listed stores.
6.   Expand the Trusted Root Certification Authorities store and select the Local Computer store below it.
7.   Click on the OK button to save your selection.
8.   Click on the Next and Finish buttons to complete installation of the certificate.

If you are trying to verify the cab file on another PC, do the above steps on the target PC.
0
 

Author Comment

by:pedja11
ID: 17896925
I've done it, but I still get the same message.
Maybe my certificate was not created as it has to be.
Any advice?
0
 

Author Comment

by:pedja11
ID: 17897074
When I create the .cer everything is OK. But then when I create the .pvk with makecert, the .cer is changed and then it "can't be verified up to a trusted certification authority".
I need the pvk to sign the cab. Is it possible to sign it without the pvk?
0
 
LVL 6

Expert Comment

by:Mnf
ID: 17897107
This is a step-by-step for signing a .cab file:
http://support.microsoft.com/kb/247257/
0
 

Author Comment

by:pedja11
ID: 17897553
I signed the .cab file.
When I open the web page with this cab on the server where I signed the cab, everything works fine, but when I open this page from a client, it is still Unknown Publisher.
0
 
LVL 6

Expert Comment

by:Mnf
ID: 17897587
This is because you don't install the cer as trusted in its root.
You have to do the steps that I noted in the first post.
0
 

Author Comment

by:pedja11
ID: 17897610
Maybe this can help you: when I install the root certificate from the server on the client, everything is OK.
Of course, I want to avoid this installation.
0
 

Author Comment

by:pedja11
ID: 17898264
Didn't help
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17898361
If you don't want users to install the root certificate from your server then you will have to buy and use a certificate issued by a trusted certificate authority. Those root certificates are already added to most browsers by default.
Examples are GlobalSign, Thawte, VeriSign, ...

J.
0
 
LVL 6

Expert Comment

by:Mnf
ID: 17898376
OK, I just need to be sure whether you have a domain and IIS 5 or 6, and whether the Server 2003 is the domain controller, or any other domain in your network.

If you don't have all these things, you can't avoid that message and you can't do anything (other than sign your file with an international signer: http://www.verisign.com/).
0
 

Author Comment

by:pedja11
ID: 17898412
I do have IIS6 on Server 2003.

Can I sign cab without Verisign or is it the only solution?
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17898544
Using a trusted certificate authority is the only solution. That's why they are trusted ;-)
Otherwise anyone could just issue a self-signed certificate and users would trust the software without being able to verify where it really is originating from.

J.
0
 

Author Comment

by:pedja11
ID: 17898599
Mnf says something different.
Mnf, I'm waiting for your response.

It makes sense to me. This control should work on web, not only in local network.
0
 
LVL 6

Accepted Solution

by:
Mnf earned 400 total points
ID: 17898780
ooh
You can issue and trust if you have a domain and you work on a local area connection (LAN). So if you have a domain and you have IIS and you want to trust the issuer, you have to follow the link I gave you. This will only be true in your domain and local web pages on your server; if you don't have all this, you can't do this and only an international signer will do this.
0
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 100 total points
ID: 17898967
Pedja: Mnf is correct: within your own controlled environment using Active Directory you can go without a trusted authority, but not outside this.
I was assuming that you want this for outside your own domain.

J.
0
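
The diagnosis this thread converges on, as an added example that is not part of any post: a PowerShell check, run on the client, that reports whether the signed .cab's certificate chain ends in a root present in the Local Computer Trusted Root store, which is what the SignTool error and the "Unknown Publisher" prompt come down to. The parameter names and file paths are hypothetical; `Import-Certificate` needs an elevated prompt and a newer Windows than the Server 2003 in the question.

```powershell
# Added example: why does a signed .cab still show "Unknown Publisher"?
param(
    [Parameter(Mandatory)] [string] $CabPath,   # hypothetical, e.g. .\control.cab
    [string] $RootCerPath                       # optional: exported root .cer of the private CA
)

# Read the Authenticode signature embedded in the cabinet file
$sig = Get-AuthenticodeSignature -FilePath $CabPath
if ($null -eq $sig.SignerCertificate) {
    throw "No Authenticode signature found on $CabPath"
}

# Build the chain for the signer certificate (revocation lookups skipped)
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($sig.SignerCertificate)

# Last element is the root, or the signer itself if no issuer could be found
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$inRootStore = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $top.Thumbprint)

[pscustomobject]@{
    SignatureStatus        = $sig.Status
    Signer                 = $sig.SignerCertificate.Subject
    ChainTop               = $top.Subject
    ChainBuilds            = $chainOk
    ChainErrors            = ($chain.ChainStatus | ForEach-Object Status) -join ', '
    RootInLocalMachineRoot = $inRootStore
}

# Scripted equivalent of the Certificate Import wizard steps in the first answer.
# Only do this on machines you administer: it makes the machine trust
# everything that root issues, not just this one .cab.
if ($RootCerPath -and -not $inRootStore) {
    Import-Certificate -FilePath $RootCerPath -CertStoreLocation Cert:\LocalMachine\Root
}
```

A `ChainErrors` value of `UntrustedRoot` together with `RootInLocalMachineRoot = False` corresponds to the case described in the question; on clients outside your control the root cannot be pushed, which is why the answers point to a publicly trusted CA.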
