Category Archives: StartSSL

Object code signing with StartSSL

I have used code signing to sign our .NET assemblies, but you should be able to use the same steps to sign any dll, exe, cab or msi files.
Before you can start signing you need those prerequisites:

  1. The actual certificate downloaded from StartSSL.
  2. OpenSSL binaries for Windows.
  3. SignTool which is part of Windows SDK.

After you have your object code certificate request approved you can download it from Tool Box > Retrieve Certificate section in you StartSSL account page. Copy the contents in textbox and save it into some file for example cert.pem.
Now we have to convert the certificate into some format which is readable by SignTool. To do this you need file with private key (key.pem) which was used for certificate request.

openssl.exe pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem

You will have to provide pass phrase used when key.pem has been created and define password for pfx file, which will be used for signing. As soon as pfx file is created you can sign your first assembly.

signtool sign /d "PRODUCT_NAME" /du "PRODUCT_URL" /f cert.pfx /p "PFX_PASSWORD" /t "" /v "FILE_TO_SIGN"