How to create your own code signing certificate and sign an ActiveX component in WindowsAll feedback and comments should be directed to firstname.lastname@example.org
Problem OverviewUsers can not install an ActiveX component because it is not signed. They can not override the security settings of Internet Explorer to allow installation.
Usual solution is to obtain a code signing certificate from a CA like Verisign or Thawte, but this is overkill for internal networks or small scale applications
Solution OverviewThis article describes how to do the following:
LimitationsOnce signed you can distribute the ActiveX component to any user, BUT the user must install the Root CA and Intermediate Certificates as well for installation to be allowed.
If you want users to install an ActiveX component without the Root and Intermediate certificates then buy a code-signing certificate online from Thawte or Verisign.
Try our search engine integrator: Scoorch and Accelerate your search experience!
It took several days to work through to this final simple solution because there was no end-to-end document available for creating the certificates and signing an ActiveX component.
The following links proved useful in finding the solution:
Verisign notes on signtool
Dallaway on creating and signing Java Apps
Mark Foster on OpenSSL and KeyTool exchanges
Self signed cert for Apache
Self signed cert for Mobile Phones
More on self signing cert for Mobile Phones
23 May 2007 - Added more detailed SDK instructions to avoid downloading the whole SDK
05 Feb 2007 - Added links to find the Microsoft SDK and a simple OpenSSL install for download