Changes between Version 46 and Version 47 of BuildingUsingGenericBuildsystem
- Timestamp:
- 05/15/12 14:12:51 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
BuildingUsingGenericBuildsystem
v46 v47 324 324 You can reuse your existing, verified (=paid for) certificates fairly easily. Provided you have a .spc and .pvk files at hand, you can use [attachment:spc+pvk-to-p12.sh this script] to convert them into a PKCS12 keystore. If that fails, adapt the manual instructions, below, to your needs. 325 325 326 == Creating self-signed code-signing certificate using MS tools == 326 == Using self-signed code-signing certificate generated using MS tools == 327 328 === Creating the certificate === 327 329 328 330 You can generate self-signed keys and certificates and sign the various OpenVPN components with those. First, create the certificate on a Windows box with ''makecert'' (adapted from [http://stackoverflow.com/questions/84847/how-do-i-create-a-self-signed-certificate-for-code-signing-on-windows here]): … … 351 353 * testspc.pvk 352 354 353 == Converting the certificate==355 === Converting the certificate === 354 356 355 357 The next step is to convert these into a format [http://sourceforge.net/projects/osslsigncode/ osslsigncode] can understand. As described [http://sourceforge.net/projects/osslsigncode/forums/forum/438747/topic/1706587 here], first you need to convert the actual code-signing certificate into p7b format. One way to do that is described below: … … 381 383 You will need these later, when creating a PKCS12 file. 382 384 383 == Converting the private key==385 === Converting the private key === 384 386 385 387 As described [http://sourceforge.net/projects/osslsigncode/forums/forum/438747/topic/1706587 here], you will also need to convert the private key. Because it's in a proprietary [http://www.drh-consultancy.demon.co.uk/pvk.html PVK] format, you need to use the [http://www.drh-consultancy.demon.co.uk/pvk.html pvk.exe] tool on the Windows box to convert it into PEM format: … … 395 397 }}} 396 398 397 == Creating a PKCS12 file==399 === Creating a PKCS12 file === 398 400 399 401 If you want to integrate the signing into OpenVPN build, you need to create a PKCS12 file. At this point you should have these files: … … 421 423 == Creating self-signed code-signing pkcs12 archive using OpenSSL == 422 424 423 All of the above can be replaced with two simple OpenSSL commands :425 All of the above can be replaced with two simple OpenSSL commands (from Alon Bar-Lev): 424 426 425 427 {{{