pedja11
asked on
Certificate
I would like to sign .cab file with ActiveX control that will be used on a web page. Therefore, I created certificate on Windows 2003 Server and signed cab with Signtool wizard.
When I try to verify the cab file, the following message appears:
SignTool Error: a certificate chain processed, but terminated in a root certificate which is not trusted by trust provider.
Any solution?
Pedja
When I try to verify the cab file, the following message appears:
SignTool Error: a certificate chain processed, but terminated in a root certificate which is not trusted by trust provider.
Any solution?
Pedja
ASKER
I've done it, but I still get the same message.
Maybe my certificate was not created as it has to be.
Any advice?
Maybe my certificate was not created as it has to be.
Any advice?
ASKER
When I create .cer everything is OK. But then when I create .pvk, with makecert, .cer is changed and than it "can't be verified up to a trusted certification authority"
I need pvk to sign cab. Is it possible to sign it without pvk?
I need pvk to sign cab. Is it possible to sign it without pvk?
this i a step by step to signing a .cab file
http://support.microsoft.com/kb/247257/
http://support.microsoft.com/kb/247257/
ASKER
I signed .cab file.
When I open web page with this cab on server where I signed cab, everything works fine, but when I open this page from client, it is Unknown Publisher still.
When I open web page with this cab on server where I signed cab, everything works fine, but when I open this page from client, it is Unknown Publisher still.
this is coz you don't install the cer trusted in it's root
you have to do the steps that i noticed in the first post
you have to do the steps that i noticed in the first post
ASKER
Maybe this can help you: when I install root certificate from server on client, everything is OK.
Of course, I want to avoid this installation.
Of course, I want to avoid this installation.
look at this maybe it will help you ..
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/559bb9d5-0515-4397-83e0-c403c5ed86fe.mspx?mfr=true
http://www.isaserver.org/img/upl/vpnkitbeta2/pubwebenroll.htm
http://support.microsoft.com/kb/313071
http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/559bb9d5-0515-4397-83e0-c403c5ed86fe.mspx?mfr=true
http://www.isaserver.org/img/upl/vpnkitbeta2/pubwebenroll.htm
http://support.microsoft.com/kb/313071
http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx
ASKER
Didn't help
If you don't want users to install the root certificate form you server then you will have to buy and use a certificate issued by a trusted certificate authority. Those root certificates are already added to most browsers by default.
Examples are globalsign, thawte, verisign, ...
J.
Examples are globalsign, thawte, verisign, ...
J.
ok just i need to be sure, if you have domain , iis 5 or 6 the sever 2003 is the domain controler or any other domain in your network
if you don't have all this things so you can't avoid that message and you can't do anything (else signe your file with internationl signer http://www.verisign.com/)
if you don't have all this things so you can't avoid that message and you can't do anything (else signe your file with internationl signer http://www.verisign.com/)
ASKER
I do have IIS6 on Server 2003.
Can I sign cab without Verisign or is it the only solution?
Can I sign cab without Verisign or is it the only solution?
Using a trusted certificate authority is the only sollution. That's why they are thrusted ;-)
Otherwise anyone could just issue a selfsigned certificate and users would trust the software without being able to verify where it really is originating from.
J.
Otherwise anyone could just issue a selfsigned certificate and users would trust the software without being able to verify where it really is originating from.
J.
ASKER
Mnf says something different.
Mnf, I'm waiting for your response.
It makes sense to me. This control should work on web, not only in local network.
Mnf, I'm waiting for your response.
It makes sense to me. This control should work on web, not only in local network.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
try this steps
1. Right-click the certificate file and select Open from the resulting menu. This will display the Properties dialog for the file.
2. On the Properties dialog, click on the Install Certificate button to start the Certificate Import wizard.
3. In the wizard, click on the Next button and then choose the Place all certificates in the following store option.
4. Click on the Browse button to open the Select Certificate Store dialog.
5. Check the Show physical stores check box to allow you to expand the listed stores.
6. Expand the Trusted Root Certification Authorities store and select the Local Computer store below it.
7. Click on the OK button to save your selection
6. Click on the Next and Finish buttons to complete installation of the certificate.
if you are trying to verify the cab file in other pc so do the above steps in the target pc