Ask a Question related to ASP.NET Security, Design and Development.
-
Luca Vanuzzo #1
Help for ActiveX (2)
Hi YanHong,
I was very busy in the last days with other business problems, but now I'm
ready to solve the problem about ActiveX control and the security warning on
Internet Explorer.
I followed all your instructions about the creation of the certificate and
I signed my myocx.ocx, run chktrust
correctly and import ed the certificate in the Trusted Root Certification
Authorities. In the browser I set for
the prompt for the unsigned ActiveX controls and the activation for signed
ActiveX control. In the development
PC I have already the explorer warning. I have no warning with the
activation of unsigned ActiveX control.
If I try to load the page in another PC I download automatically the
myocx.ocx and install the certificate
manually from the trusted dialog box that appear when I call the page. But I
have still the warning message.
I tried also with an installation of an Certification Autority in a windows
2000 server: I created the certificate and
installed it in the development PC and signed myocx.ox but I have still the
warning message.
I think there is a wrong operation I did. Have you some other ideas ?
Thank you,
Luca
Luca Vanuzzo Guest
-
ActiveX
I am have trouble making the internet keys on my keyboard to work, it tells me to activate ActiveX but I have already gone into... -
ActiveX??
So I designed an HTML e-mail for my work http://www.hookweb.net/testing/devotional.htm But aparently there are people who receive the e-mail that... -
ActiveX on Mac OSX
Does the Active X xtra come with Director MX for Mac? The trial version did not have it and I need it to access web pages within my program. thanks -
Help for ActiveX
I have created an ActiveX control for use on a web application for an intranet. Do I still have to pay for a Certification Authority to sign my... -
Activex dll
how do we register an activex dll in win98? is regsvr32 sufficient? I want to create an object in asp. it is no problem in win2000 by assignin the... -
[MSFT] #2 RE: Help for ActiveX (2)
Hi Luca,
Thank you for using the community. Currently, I am looking into the
question. As I understand, you need sign the cab file which contains an
ActiveX control, and use it in IE. To achieve this, you may following these
steps:
TO CREATE PVK AND SPC FILES
===========================
1) Go to to http://<machineName>/certsrv/ (this is the home directory
specified during Certificate Server installation)
2) Select "Certificate Enrollment Tools" link
3) Select "Request a Client Authentication Certificate" link
4) On "Certificate Enrollment Form" press Advanced button
5) On Advanced Settings, specify:
- Key Spec: Signature
- Algorithm: MD5
- Properties:
. Export Private Keys to a File
. Allow keys to exported
. Create a SPC file
- Usage: Code Signing
- CSP: Microsoft Base Cryptographic Provider 1.0
6) Press OK
7) On Xenroll dialog box:
Save PVK file as: <type the path and name for the PVK file>
9) Press OK
10) It goes back to certificate Enrollment Form
11) On Certificate Enrollment Form, specify:
- Name: <the name that will appear on certificate>
- Department: <same as above, department>
- Organization: <same as above, organization>
- City: <same as above, city>
- State: <same as above, state>
- Country: <same as above, country>
- E-Mail: <same as above, email>
12) Press Submit Request button
13) On Create Private Key Password dialog box, specify:
- Path and name of the Private Key file
- Password: ******
- Confirm Password: ******
14) Press OK (or None if you intent to leave the password empty)
15) It goes to "Certificate Download page"
16) Press Download button
17) On Xenroll dialog box, specify the path and file name for the SPC file.
18) Press OK
19) If a messagebox appears asking about creating a "software publisher
certificate", answer YES.
20) The PVK and SPC files are OK now. Go to next steps:
TO SIGN CAB OR EXE FILES
========================
1) Download the Authenticode:
- Go to
[url]http://msdn.microsoft.com/downloads/c-frame.htm?003#/downloads/tools/[/url]
- On the left pane, Tools TOC, select +Microsoft Downloads
- Select MS Authenticode (IE4)
- On the right pane, click "Download Authenticode (343K)".
- Execute the file CODESIGN.EXE to uncompress it to a folder.
2) Place the following files in an empty directory:
- chktrust.exe (verify signatures)
- signcode.exe (signing utility)
- signer.dll (dependency file)
- *.pvk (private key)
- *.spc (public key)
- all unsigned cabs/exes
3) Use the program SIGNCODE.EXE to sign files:
signcode -v private.pvk -spc publickey.spc filename.cab
After these, you can Installing the Trusted Certificates in IE.
For more informaton on this question, you may refer to:
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247257[/url]
[url]http://msdn.microsoft.com/library/default.asp?url=/workshop/security/authcod[/url]
e/signing.asp
I also notice Yanghong had provided you some useful links, you can also
refer them:
[url]http://www.microsoft.com/windows/ie/using/howto/digitalcert/using.asp[/url]
Regards,
Luke
Microsoft Online Support
Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
[MSFT] Guest
-
Luca Vanuzzo #3 Re: Help for ActiveX (2)
Hi Luke,
thank you for your help.
I follwed all your instruction (the link
[url]http://msdn.microsoft.com/downloads/c-frame.htm?003#/downloads/tools/[/url] does
not exist, however) to create the certificate and sign my OCX (not CAB or
EXE !).
I imported the certificate from IE in the root trusted authorities; I had no
errors when I sow the certificate
and when I use chktrust for my OCX. But when I load the page from the
develop PC or in another PC
after the download of the OCX I have still the warning message. It seems
that the activex control is not
safe. If I active the execution of unsafe activex I have no warning message
....
Have you got any other idea ?
Thanks,
Luca
"[MSFT]" <lukezhan@online.microsoft.com> ha scritto nel messaggio
news:FYqX1SmAEHA.604@cpmsftngxa06.phx.gbl...these> Hi Luca,
>
> Thank you for using the community. Currently, I am looking into the
> question. As I understand, you need sign the cab file which contains an
> ActiveX control, and use it in IE. To achieve this, you may followingfile.> steps:
>
> TO CREATE PVK AND SPC FILES
> ===========================
>
> 1) Go to to http://<machineName>/certsrv/ (this is the home directory
> specified during Certificate Server installation)
>
> 2) Select "Certificate Enrollment Tools" link
>
> 3) Select "Request a Client Authentication Certificate" link
>
> 4) On "Certificate Enrollment Form" press Advanced button
>
> 5) On Advanced Settings, specify:
> - Key Spec: Signature
> - Algorithm: MD5
> - Properties:
> . Export Private Keys to a File
> . Allow keys to exported
> . Create a SPC file
> - Usage: Code Signing
> - CSP: Microsoft Base Cryptographic Provider 1.0
>
> 6) Press OK
>
> 7) On Xenroll dialog box:
>
> Save PVK file as: <type the path and name for the PVK file>
>
> 9) Press OK
>
> 10) It goes back to certificate Enrollment Form
>
> 11) On Certificate Enrollment Form, specify:
> - Name: <the name that will appear on certificate>
> - Department: <same as above, department>
> - Organization: <same as above, organization>
> - City: <same as above, city>
> - State: <same as above, state>
> - Country: <same as above, country>
> - E-Mail: <same as above, email>
>
> 12) Press Submit Request button
>
> 13) On Create Private Key Password dialog box, specify:
>
> - Path and name of the Private Key file
>
> - Password: ******
>
> - Confirm Password: ******
>
> 14) Press OK (or None if you intent to leave the password empty)
>
> 15) It goes to "Certificate Download page"
>
> 16) Press Download button
>
> 17) On Xenroll dialog box, specify the path and file name for the SPC[url]http://msdn.microsoft.com/library/default.asp?url=/workshop/security/authcod[/url]>
> 18) Press OK
>
> 19) If a messagebox appears asking about creating a "software publisher
> certificate", answer YES.
>
> 20) The PVK and SPC files are OK now. Go to next steps:
>
> TO SIGN CAB OR EXE FILES
> ========================
>
> 1) Download the Authenticode:
>
> - Go to
> [url]http://msdn.microsoft.com/downloads/c-frame.htm?003#/downloads/tools/[/url]
> - On the left pane, Tools TOC, select +Microsoft Downloads
> - Select MS Authenticode (IE4)
> - On the right pane, click "Download Authenticode (343K)".
> - Execute the file CODESIGN.EXE to uncompress it to a folder.
>
> 2) Place the following files in an empty directory:
> - chktrust.exe (verify signatures)
> - signcode.exe (signing utility)
> - signer.dll (dependency file)
> - *.pvk (private key)
> - *.spc (public key)
> - all unsigned cabs/exes
>
> 3) Use the program SIGNCODE.EXE to sign files:
>
> signcode -v private.pvk -spc publickey.spc filename.cab
>
> After these, you can Installing the Trusted Certificates in IE.
>
> For more informaton on this question, you may refer to:
>
> [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247257[/url]
>
>> e/signing.asp
>
> I also notice Yanghong had provided you some useful links, you can also
> refer them:
>
> [url]http://www.microsoft.com/windows/ie/using/howto/digitalcert/using.asp[/url]
>
> Regards,
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
Luca Vanuzzo Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
