Frequently Asked Questions

Signing Your Applications and Screensaver Installers

Question:

How do I sign my Screentime screensaver installer or mProjector application?
When my users launch the installer they get a security warning message that lists the "Publisher" as "Unknown Publisher". How do I set the Publisher to be my company?

Answer:

You will need to buy a code signing certificate and sign your installer or application. We plan on integrating code signing into our products, however, until then follow these instructions.


Get A Code Signing Certificate:

1. What is Code Signing?

Code signing certificates are used by content publishers to append digital signatures to their products. These digital signatures prove to consumers of the content the identity of the creator and validate that content has not been tampered with since it was originally distributed. Code signing has becoming increasingly important, with the rapid growth of Internet distribution of content and tightened security settings in many newer browsers and/or operating systems.

2. Where can I buy a certificate?

There are a bunch of companies that offer certificates and the prices are always changing. VeriSign and Comodo are the big names in the certificate business, but shop around, you may find a deal. You can sign as many files as you want to while your certificate is valid.

3. Should I buy a 1-year or 3-year certificate?

Buy a 3-year certificate. This process is hard enough that you will only want to do every three years.

4. Gather the documentation you'll need to prove your identity - any two of following documents should be sufficient:

  • Articles of Incorporation (with address).
  • Government Issued Business License (with address).
  • Copy of a recent company bank statement (you may blacken out the Account Number).
  • Copy of a recent company phone bill.
  • Copy of a recent major utility bill of the company (i.e. power bill, water bill, etc.) or current lease agreement for the company.

5. Apply for your Certificate using XP and Internet Explorer:

  • Do NOT use a Vista computer! Be sure you will have access to the XP computer in a few days when your certificate is ready for pickup.
  • USE INTERNET EXPLORER. Do NOT use a different browser.

6. Once you're notified that your certificate is available, be sure to use the same XP computer to download it. Once you have downloaded your certificate, you can move the Certificate to another PC running other versions of Window to do your code-signing

7. Once you have your certificate files, safeguard both the certificate files and your password. Make copies of the cert files and burn at least one copy onto a CD. Keep your password somewhere safe and memorable. You won't be able to sign your files without the password.


Download and Install Code Signing Tools from Microsoft:

You will need the following three files to do code signing:

  • signtool.exe
  • pvk2pfx.exe
  • capicom.dll

and they are available as part of the free downloadable Windows SDK from the Microsoft.

Look for the - Web Setup - link in the Instruction section of the page. Using this link significantly reduces the size of the download as you can download and install the just the components you need.

Once the installer is running, choose Custom Install and select Win32 Development tools only.

By default, these files will be installed in this folder:

C:/Program Files/Microsoft SDKs/Windows/v6.1/Bin


Make a PFX:

The SignTool requires a .PFX file. If your certificate comes in the form of a .spc (certificate) file and a pvk (private key) file, you will need to combine them into a .pfx.

1. Copy your certificate files (yourcert.spc and yourkey.pvk) into the same folder where you have pvk2pfx.exe installed.

2. Open a Windows command window - click the Start button, select the Run... menu item, then in the Run dialog window type cmd.

3. Navigate to the directory containing your certificate files and the pvk2pfx.exe utility

cd C:Program FilesMicrosoft SDKsWindowsv6.1Bin

4. Run pvk2pfx. Here's a string you can use to get started.

pvk2pfx -pvk yourkey.pvk -pi yourpassword spc yourcert.spc -pfx yourcert.pfx


Sign Your Exe

1. Make sure your .pfx file is in the same directory as signtool.exe - C:/Program Files/Microsoft SDKs/Windows/v6.1/Bin - the same location as the pvk2pfx utility.

2. Open a Windows command window - Click the Start button then select the "Run..." menu item, type "cmd" in the Run dialog window, and click Run.

3. Navigate to the directory containing your certificate files.

cd C:/Program Files/Microsoft SDKs/Windows/v6.1/Bin

4. Run Signtool. Here's what it will look like.

Signtool sign /f yourcert.pfx /p yourpassword /t atimestampURL "fullpathtoyourexe.exe"

We use VeriSign's timestamp URL: "http://timestamp.verisign.com/scripts/timstamp.dll"

EX: Signtool sign /f yourcert.pfx /p yourpassword /t "http://timestamp.verisign.com/scripts/timstamp.dll" "fullpathtoyourexe.exe"

Once you have gone through this process once you can create an executable .bat file with the signtool command and use it over and over again.


More Info:

 

 

If you have additional questions or have ideas on how to improve an FAQ, contact us. Please include a link to the FAQ in your email.

meilleur generique viagra legal cialis uk kamagra jelly uk fast delivery kamagra uk next day delivery herbal viagra women uk kamagra 100 gold uk cheapest tadalafil uk buy viagra gel online uk cheap viagra uk no prescription buy viagra uk reviews buy viagra in leicester buy viagra jelly online uk cheap kamagra jellies uk chewable kamagra uk kamagra oral jelly review uk