How can I sign an ActiveX control with a code signing certificate and be a verified publisher?

Posted by davidcl on Stack Overflow See other posts from Stack Overflow or by davidcl
Published on 2010-05-11T20:32:59Z Indexed on 2010/05/11 23:14 UTC
Read the original article Hit count: 514

Filed under:

authenticode

|

certificates

|

activex

|

signtool

|

thawte

I'm trying to sing an ActiveX control with a code signing certificate issued by Thawte. I was able to successfully sign the control using signtool.exe.

When I look at the file properties, it says "The certificate in the signature cannot be verified."

When I view the certificate it says "Windows does not have enough information to verify the certificate."

On the certification path tab, it says "The issuer of this certificate cannot be found."

In internet explorer, the certificate is recognized as signed but the user receives warnings that the publisher is not verified.

I've tried creating a single PFX file containing my certificate along with the root and intermediate certificates that chain to my Thawte developer certificate, and then re-signing the control using that PFX file. No dice.

Any suggestions?

© Stack Overflow or respective owner

Related posts about authenticode

Get timestamp from Authenticode Signed files in .NET

as seen on Stack Overflow - Search for 'Stack Overflow'
We need to verify that binary files are signed properly with digital signature (Authenticode). This can be achieved with signtool.exe pretty easily. However, we need an automatic way that also verifies signer name and timestamp. This is doable in native C++ with CryptQueryObject() API as shown in… >>> More
Find out if assembly is signed with Authenticode

as seen on Stack Overflow - Search for 'Stack Overflow'
I use an assembly of a 3rd party vendor. In an older version this assembly used authenticode. This caused the assembly loading to last quiet long. The developer of the vendor told me that the new version is not signed with authenticode. How can I check if this is true. On my development machine the… >>> More
Verify Authenticode signature as being from our company for automatic updater

as seen on Stack Overflow - Search for 'Stack Overflow'
I am implementing an automatic update feature and need some advice on how to do this securely using best practices. I would like to use the downloaded file's Authenticode signature to verify that it is safe to run (i.e. originates from our company and hasn't been tampered with). My question is very… >>> More
Possible to use Authenticode to sign/verify proprietary file formats?

as seen on Stack Overflow - Search for 'Stack Overflow'
Is it possible to use an Authenticode signing certificate to sign and validate proprietary file formats? Over time I've seen the Authenticode format extended to support VBA. JAR files, and even Open Office files so I'm thinking that it may be extensible to other file formats. Malcolm >>> More
How to sign installation files of a Visual Studio .msi

as seen on Stack Overflow - Search for 'Stack Overflow'
This may be a duplicate, though I can't find it at this time. If so please point me in the right direction. I recently purchased an authenticode certificate from globalsign and am having problems signing my files for deployment. There are a couple of .exe files that are generated by a project and… >>> More

Related posts about certificates

Clearing Java certificates cache (force reload certificates)

as seen on Server Fault - Search for 'Server Fault'
A simple question here. One application gave me this exception when trying to access a website with a expired certificate: java.security.cert.CertificateExpiredException So, I renewed the certificated from the website machine and restarted it. When I try to access it from Firefox or Chrome it will… >>> More
SSL certificates and types for securing your websites and applications

as seen on Server Fault - Search for 'Server Fault'
Need to share few information regarding SSL certificates and there types, which SSL certificates are widely used etc. There are several SSL certificates available in the market today inorder to secure your domains, multiple subdomains, your applications and code too. Few of the details are mentioned… >>> More
ca-certificates-java fails to install

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I use a VPS with Ubuntu Server 10.10. I want to use Jetty and run the command sudo apt-get install jetty but it fails because the installation encounted errors while processing ca-certificates-java. I have tried to install the failed package with: sudo apt-get install ca-certificates-java How can… >>> More
apport-collect fails with "certificate verify failed" when trying to report a bug on launchpad

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am trying to report a bug but I get root@beagle:/usr/lib/python2.7/dist-packages/apport# apport-collect <bug_id> ERROR: connecting to Launchpad failed: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed You can reset the credentials by… >>> More
Hot to get XChat to trust CA certificate?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have created an SSL certificate authority including a sub-authority to issue certificates. I have copied the root certificate to /usr/share/ca-certificates/extra and added it to /etc/ca-certificates, then ran dpkg-reconfigure ca-certificates and update-ca-certificates. After it said "Adding debian:… >>> More