Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Digital Certificates

Single Click discussions / bugs
Post Reply
Dwalf
40
40
Posts: 112
Joined: 2005-08-25 01:02

Digital Certificates

Post by Dwalf »

Please Read Below.

The tools is bult in to SC Client creator / Offline Compiler on this form too.
Last edited by Dwalf on 2005-09-14 10:00, edited 1 time in total.
redge
1000
1000
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Post by redge »

I'm interesting
because some cyber coffee don't allow unsigned software.
so I can't use vncviewer because is unsigned software.
and java viewer certificate is expired (may 18 2005)
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
Dwalf
40
40
Posts: 112
Joined: 2005-08-25 01:02

How to sign a EXE with a Digital Certificate

Post by Dwalf »

Here it is.

1. Get a certificate
Free one here!
http://www.ascertia.com/onlineCA/default.aspx

2. Choose code signing and then click on the link to install.

3. Wait for certificate to become valid on your computer.

4. Download Microfost Code signing SDK
Download here!
http://freehost04.websamba.com/duckware ... ingx86.exe

5. Run Sign Code and follow instructions. (install Cert from Store)

All done!

As always the information above is use at your own risk, and may not be the solution for you. I dont take any responsability for the information supplied or what you do with it, Its for education only. Dont abuse it.

Dwalf
Last edited by Dwalf on 2005-09-14 09:59, edited 2 times in total.
sugar
8
8
Posts: 9
Joined: 2006-04-18 23:28

Post by sugar »

What kind of free certification should I download from here?

# Email Protection
# Client Authentication (SSL)
# Server Authentication(SSL)
# IPSec
# Code Signing

I need to sign a cab file of a web server.

Thanks
sugar
8
8
Posts: 9
Joined: 2006-04-18 23:28

Post by sugar »

well, sice i wish to sign this:
"DVR System from Eyemax
WebDvr.cab
Unknown publisher"
I think i must choose a server certification, but now in the ascertia.com and it is askin me for :
- CSP
- Key Usage
- Key Size
- Enable strong private key protection
- Mark key as exportable

What settings would be better for sign the cab file i mentioned?

Thanks in advance.
Dwalf
40
40
Posts: 112
Joined: 2005-08-25 01:02

Post by Dwalf »

sugar wrote:What kind of free certification should I download from here?

# Email Protection
# Client Authentication (SSL)
# Server Authentication(SSL)
# IPSec
# Code Signing

I need to sign a cab file of a web server.

Thanks
Code Signing
sugar
8
8
Posts: 9
Joined: 2006-04-18 23:28

Post by sugar »

then how to install in into the .cab file at the webserber?

thanks
sugar
8
8
Posts: 9
Joined: 2006-04-18 23:28

Post by sugar »

ok this is my goal: we purchased a DVR (digital video recording, its called EyeMax) system and it comes with a WebServer, then it supposly we can access to the cameras views from a url.
When i launch the url of the server it says that windows has blocked that content because is untrusted, then i signed the .cab file of the web server according this procedure: http://support.microsoft.com/kb/q247257/

After windows is still blocking the concents since it is issued by root and windows cannot validate it.

How can i do? Should i pay $499 for buy a verisign sign in order to validate a .cab file of a sofware that i already purchased?
Thanks in advance
Marscha
Former moderator
Former moderator
Posts: 464
Joined: 2004-05-14 06:48

Post by Marscha »

if you sign the .cab with some certificate, you need to load the CA's corresponding certificate into the browser's certificate store.
Typically there are some certificates pre-loaded (Verisign etc.).
sugar
8
8
Posts: 9
Joined: 2006-04-18 23:28

Post by sugar »

i installed the certificate in the client and in the server too, and windows its still blocking the application. In fact the application cannot be runned in the local server machine: http://localhost:108/
Marscha
Former moderator
Former moderator
Posts: 464
Joined: 2004-05-14 06:48

Post by Marscha »

I assume the certificate is issued for some host "server.domain.com".
You need to access the server with this name.
If there is no other way, you can add "server.domain.com" to the hosts file.
On W2K/WXP this file is located in C:\WinNT\System32\drivers\etc
Add a line

Code: Select all

127.0.0.1 server.domain.com
Dwalf
40
40
Posts: 112
Joined: 2005-08-25 01:02

Post by Dwalf »

sugar wrote: How can i do? Should i pay $499 for buy a verisign sign in order to validate a .cab file of a sofware that i already purchased?
Thanks in advance
I asume this eyemax has already got a certificate. i just got myselff IPVIDEO (not bad for cctv very fast on a LAN but gets a bit slow over the net) to test out and it too has a built in webserver and a active-x component wat loads up when you connect. You dont need a server certivicat for this nor is there any need to sign the cab. I should have one already. I suspect your browser is set to block active-x componets

What you need to do is install the active-x compnent. Normaly it pop up a little blue box under the taskbar.

Once this is installed you will be able to see your CCTV or other. (TV :) hehhe

BIG note, active-x componets are basicly application. Dont just accept any old componet when you surf the net. If you not sure about a site dont install, Some (poeple form the darkside) are potential spyware or worse. (No worries mate i am sure EYEMAX is ok, since it is a honest product)

There is another way. In your browser you can add the cctv url or IP as a trusted site and should also fix this. (DO NOT lower your security on your browser, many people do and then wonder why they keep getting viruses and spyware,even hackers)


On this note i would like to point out 2 thing not related to your question.
CODESIGNing and SSL Certificates are two diffrent thing. One is you get a certificate and you use a application to sign your cab file. This mean you got the cab or exe (you developed it and want people to use it)file and you wish to encode the file with your certificate so when you deploy the file people and webbrowsers will know who maded it and whether it should be trusted.

(Note so whats so nice about COD SIGNING? People can see who it is from and can track back to verify it came form you)

2. a SSL certificate you can only install on a webserver and is more inteneded to encrypt data when it is transmitted over the internet. What you need to do here is to open 443 and in IIS enable SSL on this same port, Then you go and create a pending request. IIS spits out some code for you and you take this code to the cert auth and enter it and it gives you back some other code. You then go back to IIS and open the pending procees and enter this code and when done and all is sucessull IIS then has SSL, good and proper untill the certificate becomes invalid. Then you start all over again. Linux has a simular setup.
The big thing here to remember is that all information you eneter must be 100% correct. Trust me i have redone and revoked many many certificates from typo's and wrong information. Verisign give you a month to fix certificates before you loose your money.

If you are after one of these certificates what work on webserver check this link out they offer these free.

http://cert.startcom.org

Please note all information is USE AT YOUR OWN RISK.
Since i dont control what or where or who!

I see a need for a security doc and will head up a new topic.

Cheers
Dwalf
sugar
8
8
Posts: 9
Joined: 2006-04-18 23:28

Post by sugar »

thanks for the detailed information, in my case i cannot install the eyemax activex component because windows its blocking it just after i accept the pop message wich ask me for accept it (when the client is in the same vlan it installed like a charm, problem is then the client its in a remote network). So it is being bloked even If i add the ip address of the webserver in to my trusted sites list of Internet explorer.

Do you think cause of my problems are that the server has a windows home edition installed?

Thanks in advance.
Last edited by sugar on 2006-05-09 20:03, edited 1 time in total.
Dwalf
40
40
Posts: 112
Joined: 2005-08-25 01:02

Post by Dwalf »

sugar wrote: Do you think cause of my problems are that the server has a windows home edition installed?
Thanks in advance.
No i dont think thats the problem.
I too noticed a thing or two about my IPVIDEO.

1. I wanted full screen mode to work. It seemed fine when i connected to the book and it gave me the Active X cab with noproblem, But when i spoke with Charles (Genius) He showed me another way. Seems that IPVIDEO had some hidden windows. Best of all is it had IMAGE VIEW , JAVA and ACTIVE X in the SIMPLE window view. Nothing you read in the manual, found a few sites with more info.

Here too i could not load the ACTIVE X cab. Windows just dumpted me a cab file not trused.

Charles showed me some code to minipulate the video.

<html>
<body>
<IMG width=320 height=240 SRC="http://yourvideoipaddress.com/GetData.cgi" >
</body>
</html>

See if you EYEMAX has a IMG or JAVA setting or as above .cgi

The CGI only seemed to work in Firefox as IE just did not know what to do with it and passwords.

Hope this helps.

Dwalf
vpftech
Posts: 1
Joined: 2007-10-17 14:58

Re: Digital Certificates

Post by vpftech »

Sugar did you ever get this issue resolved using the code manipulation? I would most certainly love to know! I am having the same issues!
Post Reply