I have to add some certificates to firefox before building it. Then test it with this certificates. I know that certificates are hardcoded into the certdata.txt, in this location:
mozilla-source\mozilla-central\security\nss\lib\ckfw\builtins
I've tried to add certificates into the certdata.txt using addbuilit from nss-tools. But after building it I get errors.
Compiler shows this errors when reading certdata.txt:
0:49.23 c:/mozilla-source/mozilla-central/obj-x86_64-pc-mingw32/security/nss/lib/ckfw/builtins/builtins_nssckbi/certdata.c(20983,1): warning: missing terminating '"' character [-Winvalid-pp-token]
0:49.23 "\152\270\202\165\004\122\100\146\207\136\301\151\270\325\275\134
Actually it's pretty easy to do.
Firstly you need a nss and nspr, because of nss that is built in to mozilla installer does not have addbuiltin function that we need.
Download NSS for windows
Download Nspr for windows
Second step
unpack both of these files.
Then copy the contents of the NSPR /lib folder to the NSS /bin folder
Copy your certificate and certutil.txt to the NSS /bin folder.
Note: Your certificate should be in .der format!
Third step
Run this code bellow:
addbuiltin -n "My certificate name" -t "CT,C,C" < CAcert.der >> certdata.txt
My certificate name - The name of the certificate that will be added to the certutil.txt.
CT,C,C - Is the trusted properties of the certificate.
CAcert.der - Certificate itself.
certdata.txt - Certificates containing file.
But before copying certutil.txt back to the source code you have to do one more thing.
Open certutil.txt in Notepad++ and turn on hidden characters by Menu View → Show Symbol → Show All Characters. Then change /r/n to /n.
And you've done!
Related
I want to manually add .mobileprovision to the keychain access without using xCode because I didn't develop the app with xCode. Any suggestions?
I found a YouTube video by Kotobee to be immensely helpful.
You will need an OpenSSL. All necessary info is within this video.
My personal notes from this video:
Step 1: Need Open SSL folder
Step 2:
Process of making the KEYS
https://youtu.be/yCvbbIfMnxI?t=6m
https://youtu.be/yCvbbIfMnxI?t=8m4s
1ST KEY
certificate signing request file (CSR)
open SSL file in COMMAND PROMPT (cmd)
openssl genrsa -out [keyname].key 2048
// optional change [keyname]
(NOTE: if issues locating openssl.cfg type at command prmpt
set OPENSSL_conf-d:\OpenSSL-Win64\bin\openssl.cfg
nothing will show on command prmpt, but continue)
2ND KEY
making the CertificateSigningRequest.certSigningRequest KEY
//// video timestamp around 13:00 //////
openssl req -new -key [keyname].key -out CertificateSigningRequest.certSigningRequest -subj "/emailAddress=yourEmail#whatever.com, CN= companyName, C=US"
C=US is about the country of origin. So you may need to change this if not US.
NOTE: SEEMS LIKE ONCE YOU HAVE THE KEY FROM OPENSSL, don't need to do this process again. Not positive though, but so far seems true.
3RD KEY
https://youtu.be/yCvbbIfMnxI?t=14m52s
log into developer.apple.com account
3 steps:
STEP A:
Certificates
there's a DIFFERENCE between DEVELOPMENT & PRODUCTION/DISTRIBUTION
Click the PLUS sign in upper right corner of web page.
You can likely reUPLOAD the SAME key created under name:
CertificateSigningRequest.certSigningRequest
dev site will return "Your certificate is ready" to download
file name will be
ios_distribution.cer for DISTRIBUTION KEY
ios_development.cer for DEVELOPMENT KEY
/// NOTE: SO FAR LOOKS LIKE YOU CAN USE SAME KEY ONCE MADE!
Put your .cer file into the OpenSSL bin folder
STEP B:
Make your APP ID via the developer.apple.com site
https://youtu.be/yCvbbIfMnxI?t=16m58s
THIS SECTION appears to need to change per app, especially for DISTRIBUTION
could just use the wildcard key and be done with it for DEVELOPMENT
STEP C: Create .mobileprovision file
(note: this will include your registered devices)
Make an APP ID
click on Identifiers > App IDs >
Explicit App: Dev Prov Profile
App Bundle: id="com.domain.app"
Enabled: Push Notifications (can exclude this line)
Download new .mobileprovision file from developer.apple.com into
D:\OpenSSL-Win64\bin
Make sure latest CertificateSigningRequest.certSigningRequest file in
D:\OpenSSL-Win64\bin
Along with .key file in D:\OpenSSL-Win64\bin
STEP D: Create .pem file
In Command Prompt type:
openssl x509 -in [developer_certificate].cer -inform DER -out [app_pem_file].pem -outform PEM
ios_distribution.cer OR ios_development.cer
rename the [app_pem_file].pem file if you like -- make it similar (my thought)
to bundle app ID name or Explicit App name
OR
make it same as the .key name (if recreating & not using a previous one)
this creates the .PEM file
STEP E: Create .p12 file (final task)
In Command Prompt type:
openssl pkcs12 -export -inkey [keyname].key -in [app_pem_file].pem -out [app_p12].p12
As I said, all this information is on the video. You don't need my personal notes to get the key. :)
In order to get Microsoft PlayReady Server Agreement I need to sign WMLA.ocx file with Extended Validation Code Signing Certificate and send it back to Microsoft.
I've obtained Extended Validation Code Signing Certificate pack from Thawte, it contains:
1. Code Signing certificate itself
2. CA
3. PKCS7 certificate
Put Code Signing certificate itself to separate file with .cer extension.
I've downloaded Microsoft Code Signing pack from http://go.microsoft.com/fwlink/?LinkID=148072 contains:
a. Signcode.exe
b. WMLA.ocx
c. WMLA Instructions for EV Cert OCX v10 17 16.pdf
Following instructions (option 3) from http://msdn2.microsoft.com/en-us/library/ms537364.aspx we've tried to sign .ocx file using Signcode.exe and Code Signing certificate itself in .cer file.
Enter following command in command line:
C:\Users\User123\WMLA>signcode.exe -c ev.cer WMLA.ocx
And got error:
Error: There is no valid certificate in the my cert store
Error: Signing Failed. Result = 8009200c, (-2146885620)
Certificate is valid, but I'm not sure about signcode.exe options and putting certificate in separate .cer file?
I can't get windows 8 (release preview) to accept either the inf2cat or makecat approach described as solutions to the question at
What changed in the driver signature requirements for Windows 8?
unless I disable validation.
I am not signing these with any certificates at this point, just trying to get past the errors preventing the drivers from installing at all.
Windows 8 gives me a very nondescript error:
"A problem was encountered while attempting to add the driver to the store."
Looking in the event logs, there is nothing of use; only an informational entry from "Windows Error Reporting" indicating a PnPdriverimporterror.
When i use my original files with the cab files that don't match the inf, I get the error everyone else is listing:
The hash for the file is not present in the specified catalog file.
I have one .inf file that i need to generate a .cat for.
Perhaps I am doing something wrong. Ideas??
INF2CAT Approach
c:\win_xp_vista32_64>inf2cat /driver:"." /os:XP_X86,XP_x64,Vista_X86,Vista_x64,7_X86,7_X64,8_X86,8_X64
.......................
Signability test complete.
Errors:
None
Warnings:
22.9.10: usbser.sys in [drivercopyfiles.nt] is missing from [SourceDisksFiles] s
ection in \mchpcdc.inf; ok if file source is provided via LayoutFile in [Version
].
22.9.10: %driverfilename%.sys in [drivercopyfiles.ntamd64] is missing from [Sour
ceDisksFiles] section in \mchpcdc.inf; ok if file source is provided via LayoutF
ile in [Version].
Catalog generation complete.
c:\win_xp_vista32_64\mchpcdc.cat
MAKECAT approach
--- start of catalog.cdf file---
[CatalogHeader]
Name=mchpcdc.cat
ResultDir=.\
[CatalogFiles]
<hash>mchpcdc=.\mchpcdc.inf
---end of .cdf file ---
c:\win_xp_vista32_64>makecat catalog.cdf
These same files, w/ the cat from either approach install just fine in Windows 7.
I think this problem is to do with "windows driver signing enforcement". You can resolve this by disabling this option. Go through with below link:
http://tivadj-tech.blogspot.in/2012/09/certificate-check-error-when-installing.html
I just tested this on Windows 10 and 8 PRO now, to get this right, follow these steps:
1) From your Start menu, locate your DDK's "x64 Checked Build Environment" i.e. the custom DOS build screen. Right-click, run-as administrator...
2) Compile your source with the Build tools etc.
3) Go into your compiled code, and then create your test-certificate (you don't need to purchase one just yet, use your self-signed one created with the line below):
makecert -r -pe -ss PrivateCertStore -n CN=newhex.com(Test) NewhexTest.cer
The above means your certificate is called "newhex.com(Test)" and the generated file is "NewhexTest.cer"
4) Create / Edit your .CDF file which contains items about what your CAT file's contents.
5) Create your CAT file by executing:
makecat -v MyCDF.CDF
This should generate an un-signed CAT file that includes all files specified by your CDF.
6) Sign your CAT file as follows:
Signtool sign /v /s PrivateCertStore /n newhex.com(test) /t http://timestamp.verisign.com/scripts/timestamp.dll MyDriverWhatever.cat
This should result in a CAT file that is signed, but don't just install it, because your Windows can't trust Newhex's cert since it's not in the keystore, to fix this do:
7) Add your certificate to your private Key Store, remember this step MUST be done by an administrators access, otherwise you will get an error about (Keystore not found etc):
certmgr.exe -add NewhexTest.cer -s -r localMachine root
This should add into your keystore, Once done, you can then:
8) Go into your device manager, and add your new driver, you would get a warning but will be accepted and installed without the need to reboot with a forced (Don't check cert type account).
I tried this already and it works on Windows 10 and Windows 8 pro versions.
Kind Regards
Heider Sati
You are supposed to use inf2cat, not makecat, because you have an INF file.
You should work on addressing those warnings from inf2cat by fixing your INF file. Here is my INF file that uses usbser.sys and doesn't cause any warnings: https://gist.github.com/3647208
I was able to fix my INF file thanks to the advice from chinzei in the first post of this thread: http://www.microchip.com/forums/m488342-print.aspx
If you continue to have trouble, please edit your question to include the source of your INF file, or at least a link to the source.
I encounter the same problem and was able to install my driver with a TEST certificate using the instructions provided here:
http://msdn.microsoft.com/en-us/windows/hardware/gg487328.aspx
I'm trying to create an IPA file for my application using XCode 3.2.5 (iOS SDK 4.0). But after doing the "Build and Archive" I try to "Save to disk..." the ipa file and nothing happens. The message "Generating IPA file" just dissapears.
I took a look into the console of the Mac and I think I found the issue but no idea how to fix it. These what I found on the console:
May 13 15:29:58 Jorge-Martin-Garcias-MacBook-Pro Xcode[246]: Running /usr/bin/xcrun with (\n "-sdk",\n iphoneos,\n PackageApplication,\n "-v",\n "/Users/jgarci17/Library/Application Support/Developer/Shared/Archived Applications/16A09235-185F-4F1E-9BFC-A935CAA5699E.apparchive/mWorkf.app",\n "-o",\n "/var/folders/pD/pDPQGhivGCCVBsrZpH0VaU+++TI/-Tmp-/D6E45F6F-264A-4714-955A-1EC44E78DFC0-246-0000AFED061085C5/mWorkf.ipa",\n "--sign",\n "iPhone Distribution: MyCompany LLC",\n "--embed",\n "/Users/jgarci17/Library/MobileDevice/Provisioning Profiles/48D38306-E65F-4D2B-A60A-B94CCD3D518A.mobileprovision"\n)
That seems to be fine, but later ...
May 13 15:29:58 Jorge-Martin-Garcias-MacBook-Pro [0x0-0x16016].com.apple.Xcode[246]: Arguments: embed=/Users/jgarci17/Library/MobileDevice/Provisioning Profiles/48D38306-E65F-4D2B-A60A-B94CCD3D518A.mobileprovision verbose=1
==>output_dir=/var/folders/pD/pDPQGhivGCCVBsrZpH0VaU+++TI/-Tmp-/D6E45F6F-264A-4714-955A-1EC44E78DFC0-246-0000AFED061085C5/mWorkf.ipa <===
sign=iPhone Distribution: MyCompany LLC
May 13 15:29:58 Jorge-Martin-Garcias-MacBook-Pro [0x0-0x16016].com.apple.Xcode[246]: Output directory: '/var/folders/pD/pDPQGhivGCCVBsrZpH0VaU+++TI/-Tmp-/D6E45F6F-264A-4714-955A-1EC44E78DFC0-246-0000AFED061085C5/mWorkf.ipa
As you see the output directory is including the ipa file name ! ... so later when the zip command wants to run, fails:
zip error: Could not create output file (/var/folders/pD/pDPQGhivGCCVBsrZpH0VaU+++TI/-Tmp-/D6E45F6F-264A-4714-955A-1EC44E78DFC0-246-0000AFED061085C5/mWorkf.ipa/mWorkf.ipa)
When the correct command should have been:
zip error: Could not create output file (/var/folders/pD/pDPQGhivGCCVBsrZpH0VaU+++TI/-Tmp-/D6E45F6F-264A-4714-955A-1EC44E78DFC0-246-0000AFED061085C5/mWorkf.ipa)
Any ideas?
To me it looks like the ipa file is being duplicated when it is being generated. The best thing I could suggest is clearing the archive in the organiser and trying to 'share' the application and re-saving the project.
Also, check all your provisioning profiles are installed in the organiser and the distribution certificate is installed in the keychain because this can also disrupt the exporting of an ipa file.
I've got a problem that I couldn't solve with a deep search in different resources as most of the "similar" points out to be an error with Icon.png size, etc...
I've tried to upload my application after verifying that:
Correctly builds and run on my device
That my certificates are installed properly
That my certs / profiles are not expired.
That the Icon.png has the proper size and format of 57x57 PNG.
And several other things.
Ran codesign --verify -vvvv MyApp.app which worked fine.
My ZIP File was properly done
When I've tried to upload through the iTunes connect interface I got the simple error above, and that's why I tried with ApplicationLoader, to try and find out what's causing the error looking at the console.
The console showed the following:
16/02/10 13:25:52 ApplicationLoader[549] *** Codesign error (please ignore invalid option comments): got requirements(0x800000, 534)
Executable=/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app/MyApp
Identifier=com.realtimed.MyApp
Format=bundle with Mach-O thin (armv6)
CodeDirectory v=20100 size=829 flags=0x0(none) hashes=33+5 location=embedded
Signature size=4333
Authority=iPhone Developer: My Name (XXXXXXXXX)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=16/02/2010 13:22:24
Info.plist entries=17
Sealed Resources rules=3 files=28
Internal requirements count=1 size=144
Executable=/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app/MyApp
got entitlements(0x800400, 317)
codesign_wrapper-0.7.3: using Apple CA for profile evaluation
codesign_wrapper-0.7.3: Caling codesign with the following args:
codesign_wrapper-0.7.3: /usr/bin/codesign
codesign_wrapper-0.7.3: --verify
codesign_wrapper-0.7.3: -vvvv
codesign_wrapper-0.7.3: -R=anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and certificate leaf[field.1.2.840.113635.100.6.1.4] exists
codesign_wrapper-0.7.3: --entitlements
codesign_wrapper-0.7.3: /var/tmp/signingbox/codesign_wrapper_entitlements.plist
codesign_wrapper-0.7.3: /var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app
**/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app: valid on disk
/var/folders/WZ/WZu24JnOGNe9L79GWq0IlU+++TI/-Tmp-/MyApp.zip/MyApp.app: satisfies its Designated Requirement
test-requirement: failed to satisfy code requirement(s)
codesign_wrapper-0.7.3: failed to execute codesign(1)**
Any help / feedback or ideas on how to solve the situation would be highly appreciated.
I found the solution to this problem after deeply looking at the log file.
Although I created my own Distribution Profile and assigned to the CODE SIGNING IDENTITY the correct value for the developer certificate, it didn't work giving me an error: "Application failed codesign verification".
The problem is at the following line:
Authority=iPhone Developer: My Name
(XXXXXXXXX)
Despite the correct selection in the project settings for the Distribution profile, XCode was compiling it with the developer certificate.
I finally solved it: Right click on the "Targets" -> Get info -> and there it was selected (don't ask me why) the wrong distribution certificate instead of the right one.
I corrected that and it finally was accepted.
Related links (you need a developer account): https://devforums.apple.com/message/147964
Excellent post. I too was having this trouble and after much headache realized that both the Project AND the Target should be checked for using the correct Code Signing Identity. Somehow Xcode was reverting back to the Developer Provisioning Profile instead of the Distribution Provisioning Profile. It even did so on a build right after I had deliberately selected the correct one!
I. To be safe, first do the following:
Clean all builds.
Delete contents of build folder in finder.
Delete existing code signing identities from the project and target settings.
Restart Xcode.
II. Then check the Project for the correct Provisioning Profile:
Go to Project Settings > Build Tab > Code Signing Identity
Select the appropriate Distribution Provisioning Profile
III. Now check the Target:
Target > Get Info > Build Tab > Code Signing Identity
Select the appropriate Distribution Provisioning Profile
IV. Cross fingers and hope you never see that blasted little yellow triangle again.
Cy took the right approach for solving this problem - When "Application failed codesign verification" is a build warning, expand that item in the build log and scan for the root cause of the failed signature verification.
In the case of Cy.'s original post you'll see that the root issue was "test-requirement: failed to satisfy code requirement(s)", and in my experience this is almost always caused by signing with the wrong certificate i.e. an iPhone Developer profile instead of iPhone Distribution.
The root cause is not always an obvious explanation, but should guide you at least with additional search terms or troubleshooting ideas.
For others experiencing the "Application failed codesign verification" during Xcode Archive Validation or Submission, look to the build log at Product > Archive time for a build warning by the same title and expand that for the root cause. Then take a look at Apple's complete list of potential causes of this error at the following URL "How do I resolve the error: Application failed codesign verification?"
Check that the TARGET (and not only the Project) is setup with the correct Code Signing Identity for Release