Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# -------------- In my case it was this location, change accordingly -----------
# I only show here the part of that file I changed
## [ v3_req ]
##
### Extensions to add to a certificate request
##
##basicConstraints = CA:FALSE
##keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_req ]
# Extensions to add to a certificate request
subjectKeyIdentifier=hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
nsCertType = client, email, objsign
get-help Set-AuthenticodeSignature -detailed
get-help Set-ExecutionPolicy -detailed
Set-ExecutionPolicy remotesigned
$cert = Get-PfxCertificate ~\Documents\Outlook-Dateien\codesign.pfx
Set-AuthenticodeSignature -FilePath .\Microsoft.PowerShell_profile.ps1 -Certificate $cert -IncludeChain Signer
# Run this once
# Borrowed from http://bit.do/SwCv
openssl genrsa -des3 -out ca.key 4096
openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -x509 -days 365 -out ca.crt -key ca.key
# Run this for each code developer account. The system must install the CA cert and the resulting p12 file in order to be happy.
# Borrowed from http://bit.do/SwCv
openssl genrsa -des3 -out codesign.key 4096
openssl req -config /c/Program\ Files\ \(x86\)/Git/ssl/openssl.cnf -new -out codesign.csr -key codesign.key -reqexts v3_req
openssl x509 -req -days 365 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile ~/v3.cfg -set_serial 01 -out codesign.crt
openssl pkcs12 -export -in codesign.crt -inkey codesign.key -out codesign.pfx
basicConstraints = CA:FALSE
subjectKeyIdentifier=hash
keyUsage = digitalSignature
extendedKeyUsage = codeSigning, msCodeInd, msCodeCom
nsCertType = client, email, objsign
@573

This comment has been minimized.

Copy link
Owner Author

@573 573 commented Sep 19, 2014

(Source for my changes: http://bit.do/SwCv) Replaces e. g. makecert requirement here: http://bit.do/Sws3 (On Windows doubleclick and follow the steps to import the private-key certificate (generated pfx-file) into the correct storage)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment