First there must be a toolkit, including the following software:
(The following software can be found in Microsoft Visual Studio .NET 2003 / SDK / V1.1 / BIN)
Makecert.exe makes certificates in CER format, namely X.509 certificates, and you can create private keys
CERT2SPC.EXE converts the CER format certificate into a SPC format certificate, that is, PKCS # 7 certificate
Signcode.exe signs the certificate to OCX
Chktrust.exe checks if the OCX after the signing certificate is correct
There is also a CertMgr.exe, which is used by the management certificate. You can export root.cer from this,
Many of the online articles written to this certificate, but can't find it in the VC installation disk. In fact, no
There is no relationship. These software can be found from the VC installation dish.
The following is the specific steps:
1. Create a certificate file:
Makecert -sk "photoup.pvk" -ss myname -n "cn = company name, E = email, o = author" photoup.cer
Here, photounce.pvk means a newly created private key saved file name
SS-theme certificate storage name
PHOTOUP.CER is your final certificate file name
These are filled in according to your own requirements, and finally get two files for Record.PVK and Dream.cer.
Among them, you need to enter a private key to protect your password during operation. Be sure to enter, don't
Error.
2, conversion CER format is SPC format (can be omitted)
CERT2SPC DREAM.CER DREAM.SPC
Get the Dream.SPC file.
3, sign the OCX
Running signcode, the command line I have no trial, I am implemented by the interface.
The digital signing wizard will appear after SignCode run, first select OCX you want to sign,
The signature option will appear after the next step, one is typical, one is a custom. Select customization,
In this way, you can choose a certificate from the file, choose the Dream.SPC you made in front, then the next step is
Select the private key file, select Record.PVK, enter the protection password of the private key, select scatter
Column algorithm, generally used MD5, the next step is to select other certificates, directly next,
Fill in the statement of this control, when the user browses the IE, the certificate will be popped up.
The next step is to cover the timestamp, fill in
http://timestamp.veriSign.com/scripts/timstamp.dll (free), complete.
4. Check if you check it correctly with Chktrust
Chktrust -V RecordProj.ocx
In this way, I got a test certificate, grace, although just a test certificate, but
Less to ensure that this OCX can play a window when I view it, ask if you installed it.
Not directly prohibited.
