Signing Windows Executables with self-hosted certificate
The question has already been asked and answered about how one can 'sign' a Windows executable; however, the answer requires the ongoing expense of a hosted certificate.
My company already has a VPS which we use for WWW, email and version control, so it seems to me that we could host our own certificate, albeit with rather less trustworthiness, but still sufficient for our clients.
We already host a PEM certificate which a consultant sysadmin set up for our email (IMAP4) hosting; can we use that and what would be the procedure for 'signing' the executable and hosting the certificate? Presumably somewhere the URL of the hosted certificate would be embedded in what is attached ('signed') to the executable.
Here's a question on ServerFault that provides some good details on what specifically you can do with PEM (there's quite a bit more than I think would be prudent to copy/paste).
As far as self-signing, yes this is something you can do, although not trivially. In addition to the work setting it up there will be some ongoing maintenance that can be a real pain, especially if you don't know what you're doing very well. The problem is really two-fold:
Self-signing is generally not advised for production environments, especially with outside customers. There is too much to know and too many ways to screw it up.
If cost is an issue, you should check out Comodo's code signing certificate offerings. They are generally the best priced and quite reliable. They were hacked a couple years ago, but there was a lot the security field learned from that incident, and IMO it wasn't really Comodo's fault.
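The self-signing route discussed above, sketched with the Windows PowerShell PKI cmdlets as an added example that is not part of the original question or answer. The subject name and file paths are placeholders; it shows that the signer certificate is embedded in the signature and that trust comes from each verifying machine's certificate stores rather than from a hosted URL.

```powershell
# Added example. Subject name and paths are hypothetical placeholders.
$subject = 'CN=Example Co Code Signing (self-signed)'
$exe     = 'C:\build\app.exe'
$cerOut  = 'C:\build\example-codesign.cer'   # public part, handed to clients

# 1. Create a certificate with the Code Signing EKU (1.3.6.1.5.5.7.3.3).
#    A TLS server certificate, such as one issued for an IMAP service,
#    normally carries only the Server Authentication EKU and is not
#    accepted for Authenticode signing.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $subject `
    -KeyAlgorithm RSA -KeyLength 3072 -HashAlgorithm SHA256 `
    -KeyExportPolicy NonExportable `
    -CertStoreLocation Cert:\CurrentUser\My `
    -NotAfter (Get-Date).AddYears(2)

# 2. Export only the public certificate. The private key never leaves
#    the signing machine's store.
Export-Certificate -Cert $cert -FilePath $cerOut | Out-Null

# 3. Sign the executable. The certificate travels inside the signature.
#    Without -TimestampServer the signature stops validating once the
#    certificate expires, which is part of the ongoing maintenance cost.
Set-AuthenticodeSignature -FilePath $exe -Certificate $cert `
    -HashAlgorithm SHA256 | Out-Null

# 4. Verify. Until the certificate is explicitly trusted on the machine
#    doing the check, the status is something other than 'Valid'.
$before = Get-AuthenticodeSignature -FilePath $exe
"Before trust: $($before.Status) - $($before.StatusMessage)"

# 5. What every client machine has to do (elevated prompt) before Windows
#    treats the signature as valid: trust the certificate as a root and
#    as a publisher. This per-machine step is the cost of not using a
#    publicly trusted CA.
Import-Certificate -FilePath $cerOut `
    -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $cerOut `
    -CertStoreLocation Cert:\LocalMachine\TrustedPublisher | Out-Null

$after = Get-AuthenticodeSignature -FilePath $exe
"After trust:  $($after.Status)"
"Signer:       $($after.SignerCertificate.Subject)"
"Thumbprint:   $($after.SignerCertificate.Thumbprint)"
```

Clients should compare the printed thumbprint against a value received over a separate channel before importing the certificate, since anyone can create a self-signed certificate with the same subject name.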