Why Can Only Certain Browsers Generate Automatic Keypairs?

In the world of PKI and SSL some certificate authorities use browsers such as Internet Explorer or Firefox to automatically generate keypairs to be used with Email-S/MIME Code Signing or Client Authentication Certificates. Not all Browsers have the capability to generate these keypairs due to licensing restrictions of the <keygen> and ActiveX controls that perform keypair creation in conjunction with operating systems restrictions.  <keygen> The HTML <keygen> is a licensed element used to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. Firefox is able to utilize the <keygen> and generate automatic keypairs because Firefox uses its own Keystores that do […]

Read More

How to Import a Certificate into Firefox

Depending on the circumstance you may need to import a Certificate into your Firefox browser. Code Signing, Email, and Admin/Digictal ID certificates can be imported into Firefox’s certificate stores to allow users access to websites or enable users to use Mozilla based software where certificates are necessary to perform a function. This article provides step-by-step instructions for installing your certificate in Mozilla Firefox for Windows. Digital ID Files generally have a PFX or P12 extension and contain the public key file (certificate) and the associated private key file. We will assume that you already have a PFX or P12 Digital ID Certificate file and it has been moved to or already resides on your Windows system in question. This file format […]

Read More

SHA-1 or SHA-256 for Windows kernel-mode Code Signing

Problem Windows Vista and Server 2008 trigger a security warning for code running in kernel mode if the code was signed with a SHA-256 Authenticode certificate. The current workaround is to use a SHA-1 certificate. However, SHA-1 is being deprecated. Patched versions of Windows 7 and newer versions of Windows operating systems will trigger a security warning for code signed with a SHA-1 certificate after December 31, 2015. Certificate Authorities such as Symantec/Digicert state that they will still issue out SHA-1 Code Signing but “SHA-1 Code Signing certificates have a max expiration date of December 30, 2019.” and will be discontinued there after. Patched Windows 7 and newer versions should be unaffected. Kernel-mode code that is signed with a SHA-256 […]

Read More

Digicert EV Code Signing Procedure – Activating Your EV Code Signing Hardware

After a Digicert EV Code Signing certificate has been issued there are some technical security steps that are required in order to activate the usb token the client receives. Before you can access the EV Code Signing Certificate and use it to sign code, you need to activate your secure token, download and install the SafeNet driver for your token, and then obtain and change your token password. Things to Note: If the hardware device token has not yet been received you must wait until it has been shipped and received. To access the certificate on your hardware device token, you need to get your token password from the order details inside your account. After retrieving your certificate’s token password […]

Read More

Digicert EV Code Signing – Installing SafeNet Client Software on Your Computer.

Whether you are providing your own hardware token, or you had DigiCert ship you a secure token with your preinstalled EV Code Signing Certificate, you need to install the SafeNet drivers for your computer to interface with the device. These instructions explain how to install the client software on to your computer after you’ve already received and configured your hardware token from DigiCert. This will allow you to sign application with your EV Code Signing hardware device token on multiple computer machines. SafeNet Installer Note:  If you don’t have the SafeNetAuthenticationClient.exe, if you’ve lost the option to download the SafeNet Drivers from your account, or if you need help downloading the software, or if you need driver software for other OS […]

Read More

Digicert Certificate Utility – Code Signing (Exporting pfx)

The Digicert Certificate Utility is probably one of the best certificate management tool out on the net. A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. Unlike SSL certificates, code signing certificates perform the function of signing. Code signing certificates creates a tamper proof digital shrink wrap of your application software files and denotes to those who download or install the application who created/published it. Although Some Certificate Authorities my separate their Code Signing Products and have different ways to Enroll and Install. The Digicert Certificate Utility is cross platform meaning your can signing the following files with the same certificate. .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, windows kernel-mode. Java. […]

Read More

Digicert Certificate Utility – Code Signing (Signing Code)

The Digicert Certificate Utility is probably one of the best certificate management tool out on the net. A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. Unlike SSL certificates, code signing certificates perform the function of signing. Code signing certificates creates a tamper proof digital shrink wrap of your application software files and denotes to those who download or install the application who created/published it. Although Some Certificate Authorities my separate their Code Signing Products and have different ways to Enroll and Install. The Digicert Certificate Utility is cross platform meaning your can signing the following files with the same certificate. .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, windows kernel-mode. Java. […]

Read More

Digicert Certificate Utility – Code Signing (Importing a Code Signing pfx/p12 Certificate)

The Digicert Certificate Utility is probably one of the best certificate management tool out on the net. A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. Unlike SSL certificates, code signing certificates perform the function of signing. Code signing certificates creates a tamper proof digital shrink wrap of your application software files and denotes to those who download or install the application who created/published it. Although Some Certificate Authorities my separate their code signing Products and have different ways to Enroll and Install. The Digicert Certificate Utility is cross platform meaning your can signing the following files with the same certificate. .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, windows kernel-mode. Java. […]

Read More

Digicert Certificate Utility – Code Signing (Downloading/Installing)

The Digicert Certificate Utility is probably one of the best certificate management tool out on the net. A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. Unlike SSL certificates, code signing certificates perform the function of signing. Code signing certificates creates a tamper proof digital shrink wrap of your application software files and denotes to those who download or install the application who created/published it. Although Some Certificate Authorities my separate their Code Signing Products and have different ways to Enroll and Install. The Digicert Certificate Utility is cross platform meaning your can signing the following files with the same certificate. .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, windows kernel-mode. Java. […]

Read More

Digicert Certificate Utility – Code Signing (CSR Generation – Certificate Installation)

The Digicert Certificate Utility is probably one of the best certificate management tool out on the net. A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. Unlike SSL certificates, code signing certificates perform the function of signing. Code signing certificates creates a tamper proof digital shrink wrap of your application software files and denotes to those who download or install the application who created/published it. Although Some Certificate Authorities my separate their Code Signing Products and have different ways to Enroll and Install. The Digicert Certificate Utility is cross platform meaning your can signing the following files with the same certificate. .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, windows kernel-mode. Java. […]

Read More