Changes between Version 71 and Version 72 of BuildingOnWindows
- Timestamp:
- 03/17/11 11:58:28 (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
BuildingOnWindows
v71 v72 234 234 }}} 235 235 236 For details on the syntax see [http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.80).aspx Makecert.exe reference]; for moredetails look [http://msdn.microsoft.com/en-us/windows/hardware/gg487332 here].236 For details on the syntax see [http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.80).aspx Makecert.exe reference]; for higher-level details look [http://msdn.microsoft.com/en-us/windows/hardware/gg487332 here]. 237 237 238 238 == Installing the test certificate to build and target computers == 239 239 240 Both build and target computers need to have the test certificate in their keystores. The ''build computer'' needs it for signing the driver catalog with ''signtool.exe''. The ''target computer'', on the other hand, needs to have the certificate installed to allow "trusting" it and loading it into the kernel.240 Both build and target computers need to have the test certificate in their keystores. The ''build computer'' needs it for signing the driver catalog with ''signtool.exe''. The ''target computer'', on the other hand, needs to have the certificate installed or it won't trust the driver and won't allow loading it to the kernel. 241 241 242 242 In both cases the certificate is imported using [http://msdn.microsoft.com/en-us/library/e78byta0%28v=vs.80%29.aspx certmgr.exe]: … … 247 247 }}} 248 248 249 Alternatively you can launch ''certmgr.exe'' without parameters and use the certificate import wizard. Although usage of ''certmgr.exe'' is straightforward, it is included (only?) in the massive [http://www.microsoft.com/downloads/en/details.aspx?FamilyID=71deb800-c591-4f97-a900-bea146e4fae1&displaylang=en Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1] package.249 You can also launch ''certmgr.exe'' without parameters and use the certificate import wizard. Although usage of ''certmgr.exe'' is straightforward, it is included (only?) in the massive [http://www.microsoft.com/downloads/en/details.aspx?FamilyID=71deb800-c591-4f97-a900-bea146e4fae1&displaylang=en Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1] package, which you need to install. 250 250 251 251 == Creating and signing the catalog file == … … 253 253 In order to sign the TAP-driver, you need to do three things: 254 254 255 * Build OpenVPN and the TAP-driver 255 256 * Create a catalog definition (.cdf) file with a text editor 256 * Create a catalog file with [http://msdn.microsoft.com/en-us/library/aa386967%28v=vs.85%29.aspx MakeCat.exe]257 * Sign the catalog file with [http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx Signtool.exe]258 259 The catalog definition file (e.g. tap.cdf) can be relatively simple:257 * Create a catalog file (.cat) from the .cdf with [http://msdn.microsoft.com/en-us/library/aa386967%28v=vs.85%29.aspx MakeCat.exe] 258 * Sign the catalog file (.cat) with [http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx Signtool.exe] 259 260 After building OpenVPN and TAP-drivers go to ''<openvpn-sources>/dist/amd64''. There you'll find ''tap0901.sys'' and ''OemWin2k.inf'' files. Create a catalog definition file (e.g. ''tap.cdf'') that look like this: 260 261 261 262 {{{ 262 263 [CatalogHeader] 263 264 264 Name=tap0901.cat 265 266 265 PublicVersion=0x00000010 267 268 266 ResultDir=.\ 269 270 267 EncodingType= 271 268 272 273 274 269 [CatalogFiles] 275 276 270 tap0901.inf=tap0901.sys 277 278 271 OemWin2k.inf=OemWin2k.inf 279 272 280 273 }}} 281 274 282 Once the definition file is finished, copy ''tap0901.sys'' and ''OemWin2k.inf'' to the working directory and generate the real catalog file:275 Make sure you have a linefeed at the end. Next generate the real catalog file using ''makecat'': 283 276 284 277 {{{ … … 286 279 }}} 287 280 288 N ext you need to sign the catalog file:281 Now sign the catalog file with ''signtool'': 289 282 290 283 {{{ … … 293 286 294 287 As long as the test certificate has been imported using ''certmgr.exe'' (see above), this command should work. 288 289 If you want, repeat this process for 32-bit version of the TAP-driver starting from ''<openvpn-sources>/dist/i386''. 295 290 296 291 == Enabling test mode on target computer ==