Code Signing with IEAK 5 and Later (269395)


The information in this article applies to:

  • Microsoft Internet Explorer Administration Kit 5.0
  • Microsoft Internet Explorer Administration Kit 5.01
  • Microsoft Internet Explorer Administration Kit 5.5
This article was previously published under Q269395

SUMMARY

This article describes how to digitally sign your files with Internet Explorer Administration Kit (IEAK) 5 or later, and how to generate the necessary certificates by using the version of Microsoft Certificate Services that is included with Microsoft Windows 2000 Server. This is an update to the information in the following article, which describes the process for IEAK 4.x:

193038 How to Sign IEAK Files Using Microsoft Certificate Server

MORE INFORMATION

It is easier to digitally sign your files in IEAK 5 because the IEAK Wizard does it for you automatically. During stage 3 of the IEAK Wizard, on the "Digital Signatures" screen, you can point to your public and private keys. The necessary files are digitally signed when you complete your build.

You can obtain your public and private keys from a third-party Certificate provider, or you can create your own by using Certificate Services from Windows 2000 Server.

To use Certificate Services to sign IEAK files:
  1. Install Certificate Services by using the Add/Remove Programs tool in Control Panel.
  2. After you install and configure Certificate Services, browse to http://servername/certsvr by using Microsoft Internet Explorer.
  3. Click Request a Certificate, and then click Next.
  4. Click Advanced Request, and then click Next.
  5. Click Submit a certificate request to this CA using a form, and then click Next.
  6. Type your information, name, e-mail address, on so on, in the form.
  7. In the Intended Purpose box, click Code Signing Certificate.
  8. Click to select the Mark keys as exportable and Export keys to file check boxes.
  9. Specify the location of your file, which will be a .pvk file. Make sure to specify the explicit file location. for example: C:\Filename.pvk.
  10. Leave the other options set to the default values unless you have a reason to modify them.
  11. Click Submit. You are then prompted for a password. After you specify a password, click OK.
This process creates the private key (.pvk file) that you specified when you created the certificate. You must also obtain the public key by having your administrator issue the certificate.

If you have administrative access to Certificate server, you can issue your certificate by following these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Certificate Authority.
  2. Access the pending requests on the Certificate server. Right-click the pending request, point to All Tasks, and then click Issue. This causes the certificate to be issued, but you must still export the certificate to a file.
  3. Access the Issued Certificates folder, right-click your certificate, and then click Open.
  4. On the Details tab, click Copy to file.
  5. In the Certificate Export Wizard, click Next.
  6. The default setting is acceptable, unless you have a reason to customize it. Click Next.
  7. You are prompted to choose a location in which to save the file. It is saved in either .cer or .p7b format.
  8. After you save the file, change the extension from either .cer or .p7b to .spc.
You now have the necessary keys (both .spc and .pvk files) to use in the IEAK Wizard so that it can automatically sign your files.

For more information about code signing, see the following MSDN Web site:

http://msdn.microsoft.com/workshop/security/authcode/signing.asp

Modification Type:MajorLast Reviewed:11/19/2003
Keywords:kbenv kbinfo KB269395
©2003 Microsoft Corporation. All rights reserved.