I need to add a local path as a trusted path for the acrobat reader DC so that a file in that path can be accessed through a link in the PDF.
I need to add this path as trusted folder through registry and not through the user interface of the acrobat reader. I have tried the following registry keys:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Adobe\Acrobat Reader\2015\TrustManager\cTrustedFolders\ with all its subkeys and all keys had unique ID’s.
[HKEY_CURRENT_USER\Software\Adobe\<product name>\<version>\TrustManager\cTrustedFolders\cCrossdomain]
"t3"="C:\\Documents and Settings\\username\\My Documents\\acrobat_logo16.png"
But neither worked.
Could anyone tell if trusted paths can be added only through registry settings?
Related
I want to sign an Oracle VirtualBox Virtual Appliance, an OVA file. I am looking for instructions.
I have had extensive conversations with Comodo and Sectigo. They don't know how and had trouble even understanding the question.
When I load my VM in VirtualBox it says that it is unsigned but gives no information as to how to correct that.
I have a code signing certificate, and I have no trouble signing and timestamping an executable file:
signtool sign /t http://timestamp.comodoca.com t_hello.exe
Done Adding Additional Store
Successfully signed: t_hello.exe
Attempting with an .ova file gives an error:
signtool sign /t http://timestamp.comodoca.com ACoreTpl.ova
Done Adding Additional Store
SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: ACoreTpl.ova
I took a shot at downloading a tool from VMWare, but it did not work on my VirtualBox appliance. It just gave error messages.
Unless the error message is meaningless and just hardcoded in VirtualBox, there is code inspecting something. I really don't want to go fishing through the code, but at this point it seems like I might have to.
The purpose of this exercise is so that I can publish a working system as a virtual appliance that is 'known good' and can be verified as the real thing when it loads.
[Note: There are images in the document I pasted this from, but they would not paste in here.]
I was able to muddle through a work-around. The workaround involves getting a tool from VMWare (ovftool.exe), which seems a bit strange. It allows the import of the OVA, showing the certificate and marking it as 'safe'. It still has a couple of issues. One is an annoying warning message issued while creating the signed file, for which I was unable to find a cure. The other is that it does not seem to contact a timeserver to timestamp the file. Presumably that means that when the signing certificate expires, you get warnings again when loading.
I would still like to know how you are supposed to do it properly according to Oracle. Surely, Oracle is not using VMWare's software to sign their Virtual Appliances.
This is my journey under Windows 10. At the end, I have a publishable appliance.
You need a virtual appliance (*.ova)
You need a signing certificate.
You need to have OpenSSL installed.
You need the program ovftool.exe from VMWare
To get the .ova file, you need to export one of your VMs as a virtual appliance:
Open the export virtual appliance dialog:
File->Export Appliance [Alternatively E]
Choose the virtual machine to export. Fill in whatever Virtual system settings apply.
For appliance settings, set the Format to Open Virtualization Format 1.0
Make sure the 'Write Manifest file' checkbox is checked.
Click on the button to write file.
You should have the signing certificate installed in the certificate store. If you don't have this already, you need to consult your certificate provider.
To get the signing certificate in a usable form, you have to jump through a few hoops to get an old-timey Privacy Enhanced Mail (PEM) file.
You need to get the certificate into a file first.
Start the Certificate Manager by running certmgr.msc
Open Personal->Certificates and right-click on your signing certificate
Open the All tasks menu and choose Export
This should open the Certificate Export Wizard
Click [Next]
Choose the radio button marked "Yes, export the private key"
Click [Next]
Choose "Personal Information Exchange - PKCS (.PFX)"
Check "Include all certificates in the certification path if possible"
Check "Export all extended properties"
Check "Enable certificate privacy"
Click [Next]
Check the Password checkbox, and enter and confirm a password [using password "IMPPass" in this example]
Change the Encryption dropdown to AES256-SHA256
Click [Next]
Assign the filename and path for the exported certificate. In this example, I called it "MyCert". Note that you don't put the file extension on the name here. The Certificate Export Wizard adds it when it writes the file. You should save it on the path where you saved the OVA file.
Click [Next]
Review settings and Click
It should pop up a message box saying the export was successful. Dismiss it by clicking on the button.
You need to do the next steps at the command line.
Open a console window.
Change to the directory where you have saved your OVA and PFX files.
cd c:<yoursavelocation>
You now need to convert the certificate to a form that can be used (.pem). To do this, you need to use OpenSSL. Here is the form of the command:
openssl pkcs12 -in MyCert.pfx -out MyCert.pem
Respond to the prompts for Import Password and PEM pass phrase:
Enter Import Password: IMPPass
Enter PEM pass phrase: PEMPass
Verifying - Enter PEM pass phrase: PEMPass
Finally, you can sign the exported OVA with ovftool with a command like this:
ovftool --privateKey=MyCert.pem --shaAlgorithm=SHA1 DamnSmall.ova DSL.ova
Opening OVA source: DamnSmall.ova
Opening OVA target: DSL.ova
Writing OVA package: DSL.ova
Transfer Completed
The manifest validates
Enter passphrase for MyCert.pem: PEMPass
A warning is issued here, but it will not interfere with the signing.
Warning:
No supported manifest(sha1, sha256, sha512) entry found for: 'DamnSmall-disk001.vmdk'.
Completed successfully
At this point, there should be a signed file called DSL.ova. It will indicate that when imported in VirtualBox.
To test, import the newly created and signed OVA file. Open the import dialog:
File->Import Appliance or alternatively I
Enter the path and name of the signed Virtual Appliance.
Click [Next]
The Appliance settings dialog should have text in the bottom left corner indicating that you have signed the appliance, and that it is trusted.
Appliance is signed
I and another guy are developing an add-in project for PowerPoint using C# and VSTO. Our project is being kept in a repository and every time when one of us gets a newest version from the repository, updated by another one, he gets a compiler problem with signing. Up to now, we solved this compiler problem by generating a test certificate on the corresponding machine every time after updating from repository.
My question is: Is it possible to avoid somehow this every-time generating of a test certificate after taking the solution, compilable on other machine, from the repository in order to have it compilable on both machines?
We tried everything:
We used the same .pfx file for both of our PC's (i.e. we sent this file to the repository).
We tried to uncheck the checkbox "Sign the ClickOnce Manifest" in the Properties window of the Solution and to remove the .pfx file at all.
We tried to use our own .pfx files with putting them into the ignore list.
But there was no result!
We have a similar scenario and we are doing the following:
'Sign the ClickOnce manifest' is signed with a locally generated .pfx key that is checked into the repository.
The assembly is signed with a strong name key.
On the build server the manifest is re-signed using the company's digital certificate for deployment using the instructions provided in this article - http://blogs.msdn.com/b/vsto/archive/2009/04/29/signing-and-re-signing-manifests-in-clickonce.aspx
Let me answer my own question. The solution is probably found. The steps are the following:
One developer should generate a new .pfx file defining the password. As a result, he can already develop the add-in correctly, on his machine; but other developer still can not, on their machines.
Using the same tab of the project's "Properties" window, this developer has to select the same .pfx file with the "Select from File..." button, giving the password.
The .pfx file should be sent to the repository (i.e. one shouldn't include it into the ignore list). As a result, other developers will not be required to generate anytime other .pfx files anymore.
We are ready!
The "magic" is that knowing the password by all developers is crucial. When the .pfx file is added to the project as it is described in the item 2, it means that all developers know the password.
I need an access to .k12 or .pem files for all https websites I am visiting on Mac OSx machine. Can anyone help me know the path where these files can be found.
Also, need to know a way to decrypt some packets using the key.
There are a couple of ways to get a certificate file in OSX. One way is to export the certificates from Keychain Access. Select Certificates in the Category (lower left) panel, choose Select All from the Edit menu (or hit ⌘A), and then choose Export Items... from the File menu (or hit ⇧⌘E). You can export your certificates as a .p12 file or a .cer file. The problem with this approach is you have to perform these steps periodically to keep your file in sync with the latest updates from Apple.
Another way is to install OpenSSL and use the cert.pem file that comes with it. Similarly, you'll have to keep OpenSSL up to date.
You would simply access the tool named "Keychain Access" in the Utilities folder of your Applications directory.
Once there, you can filter each keychain to only show certificates.
As for decrypting packets using a given key, there are plenty functions doing that within the Security framework, but this question would require clarification (Language requirement etc).
I was looking for this too. I couldn't find the files anywhere so I thought how about exporting them.
From the Keychain Access:
On left pane, click on the KEYS. On right pane, CTRL-Click on the desired certificate.
The Public key should be exported as a PEM file.
The Private Key should be exported as a P12 file.
The Certificate should be exported as a CRT file.
The Private key export option will as for a passphrase and then the user's keychain password. Upon import you will be asked for this passphrase.
NOTE: The private key, contains the public key.
I use Windows XP SP3. I resell digital signature certificates. I get the clients data, key them into a portal and download the dsc onto my machine. I use Internet Options and export the certificate to a pfx file with a password and send it off to the client. Since, this is being done over and over again, during export to pfx, inadvertently the wrong certificate is selected. Once the pfx file is generated, is there any way of knowing the common name in the pfx file without having to reinstall the certificate. I have looked into openssl, but not sure if it can be achieved by a batch file as a password has to be physically entered. Ideally, after exporting say 10 pfx files, I would like to run a batch file which would display only the common names. Once I confirm that the names are correct (I have exported correctly), I can delete the certificates from the store.
You should write your own application, that will perform batch processing of PFX files.
The pseudo code using CryptoAPI are as follows.,
Read the pfx files from disk one by one using PFXImportCertStore. You will get the certificate store context.
Acquire the certificate context PCCERT_CONTEXT phPfxCertCtx = CertEnumCertificatesInStore
Get the subject name. phPfxCertCtx->pCertInfo->Subject
You can have a predefined list of subjects to compare the subject names that are read now.
Close the context and certificate store, CertCloseStore with CERT_CLOSE_STORE_FORCE_FLAG.
I have registered for the Safari Development Program and have a valid Apple ID. I've followed all the steps given by Apple.
The problem is that Windows XP (Service Pack 2) does not recognize the command 'certreq', whereas the instructions said it would work on any Windows machine.
However, the command 'certreq' was working on Windows Vista on the machine of my co-worker's, I downloaded the certificate (the .cer file) and installed it and Safari detected it.
However, I don't have Windows Vista.
I installed Windows 7 now on my machine, the command 'certreq' works and I have the Safari Extension Certificate (the .cer file) but when I open Safari's Extension Builder, my certificate does not appear there.
I entered mmc in Start --> Run and checked if the certificate was installed there. It was in the 'Other People' but not in 'Personal'.
Even on Internet Explorer 7+, when I go to Tools --> Internet Options --> Content (Tab) --> Certificates, the certificate is not there in the Personal tab, (WHEREAS IT GOT INSTALLED IN THE PERSONAL FOLDER AUTOMATICALLY IN WINDOWS VISTA). I tried importing the certificate (the .cer file) into the Peronal folder, the import is successful but still neither does it appear in the personal folder nor does Safari recognize/detect it when I go to the Extension Builder.
ANY HELP?!
I need to make an extension for my office project and the deadline is approaching. I really need to get it done.
Thanks a million in anticipation.
I was facing the similar problem. After struggling a lot the following worked for me:
Install (Windows Server 2003 service pack 2) Administration Tools pack as shown on “Generate a Certificate Signing Request” screen shown by Safari Extension Certificate assistant: http://www.microsoft.com/download/en/confirmation.aspx?id=6315
Install IIS resource kit for SelfSSL- http://www.microsoft.com/download/en/confirmation.aspx?id=17275
As indicated by Safari Extension certificate assistant, save the following as certreq.txt --https://devimages.apple.com.edgekey.net/safari/files/certreq.txt
Run cmd, and then change directory to where you saved certreq.txt
On command prompt type: certreq –new certreq.txt newcsr.pem
Press Continue on the Safari Assistant screen, and upload this newcsr.pem
It will generate a certificate that you need to install by double-clicking on the installed file.
You are done!
Go to Develop (in Safari menu bar)>> Show Extension Builder >> Click + and select new extension.
By generating the cert request on another machine you don't have the private key associated with the cert on your own. Generate a cert request on your Win7 machine now, go get a new cert from Apple, and it should work fine.
To use the certificate on Windows, I needed to click on the file that was created (safari_identity.cer). That installed the certificate in the Windows Certificate store. Rrun certmgr.msc and look under the Personal..Certificates folder to see it. My installed cert looked something like this in the Microsoft Management Console for Certificates: "Safari Developer: (xxxxxxxxxxx) me#zzz.com".
this is an answer for Mac users who may be experiencing this problem.
Once you install your certificate, double click it, go under Trust, and set Always Trust for When using this certificate. Your certificate should work then.
It's got something to do with the private key - On me Vista it says CertReq: Request Created and it installs fine, but then on Windows 7 it just creates the file and when you look at the info before/after install it doesn't display that it is associated with the private key on the computer. Very confused I am.
when you enter something like "certmgr.msc" in the run command in window, you will get to see something like this:
So using the certificate consists of the following steps:
first save the file and run the command in cmdd.exe as directed in the developer certificate generator in extension certificate developer.
when you are done, check the certmgr [shown above in the image] and see a certificate named safari developer installed somewhere near Certificate Enrollment Requests. cut the certificate and paste one copy inside trusted root certification Authorities and another inside Personal.
then generate the csr file and install the file inside Personal folder and trusted root certification Authorities folder.
extension builder will recognize the certificate.
Best of luck.
If the certificate has an incomplete chain, it may be necessary to install the certificates on Apple's certificate page . I believe "Worldwide Developer Relations" (and possibly the 2 root certificates) are necessary for Safari Development.