Changes between Version 46 and Version 47 of BuildingUsingGenericBuildsystem


Ignore:
Timestamp:
05/15/12 14:12:51 (12 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • BuildingUsingGenericBuildsystem

    v46 v47  
    324324You can reuse your existing, verified (=paid for) certificates fairly easily. Provided you have a .spc and .pvk files at hand, you can use [attachment:spc+pvk-to-p12.sh this script] to convert them into a PKCS12 keystore. If that fails, adapt the manual instructions, below, to your needs.
    325325
    326 == Creating self-signed code-signing certificate using MS tools ==
     326== Using self-signed code-signing certificate generated using MS tools ==
     327
     328=== Creating the certificate ===
    327329
    328330You can generate self-signed keys and certificates and sign the various OpenVPN components with those. First, create the certificate on a Windows box with ''makecert'' (adapted from [http://stackoverflow.com/questions/84847/how-do-i-create-a-self-signed-certificate-for-code-signing-on-windows here]):
     
    351353 * testspc.pvk
    352354
    353 == Converting the certificate ==
     355=== Converting the certificate ===
    354356
    355357The next step is to convert these into a format [http://sourceforge.net/projects/osslsigncode/ osslsigncode] can understand. As described [http://sourceforge.net/projects/osslsigncode/forums/forum/438747/topic/1706587 here], first you need to convert the actual code-signing certificate into p7b format. One way to do that is described below:
     
    381383You will need these later, when creating a PKCS12 file.
    382384
    383 == Converting the private key ==
     385=== Converting the private key ===
    384386
    385387As described [http://sourceforge.net/projects/osslsigncode/forums/forum/438747/topic/1706587 here], you will also need to convert the private key. Because it's in a proprietary [http://www.drh-consultancy.demon.co.uk/pvk.html PVK] format, you need to use the [http://www.drh-consultancy.demon.co.uk/pvk.html pvk.exe] tool on the Windows box to convert it into PEM format:
     
    395397}}}
    396398
    397 == Creating a PKCS12 file ==
     399=== Creating a PKCS12 file ===
    398400
    399401If you want to integrate the signing into OpenVPN build, you need to create a PKCS12 file. At this point you should have these files:
     
    421423== Creating self-signed code-signing pkcs12 archive using OpenSSL ==
    422424
    423 All of the above can be replaced with two simple OpenSSL commands:
     425All of the above can be replaced with two simple OpenSSL commands (from Alon Bar-Lev):
    424426
    425427{{{