forked from nmaier/xpisign.py
-
Notifications
You must be signed in to change notification settings - Fork 0
Code signing with a Certum (Unizeto) code signing certificate
joscha edited this page Dec 30, 2014
·
1 revision
If you have an Open Source project, you can get a free code signing certificate from Unizeto.
The steps to get the certificate itself are described in detail here.
Once you have the certificate, do the following:
- get the private key from your browser (e.g. download it as .p12 from your keychain - do not set a password) and convert it into PEM format via
openssl pkcs12 -in key.p12 -nodes -out private.key -nocerts
- Open your .pem file that you downloaded from Unicert, add your private key beneath it, and the
Public Key of Certum Level III CA
from here beneath the private key, so it looks like this:
-----BEGIN CERTIFICATE-----
[your certificate from Certum]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[the private key you just converted from the .p12 file from your keychain]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[the Certum Level III CA public key you just downloaded]
-----END CERTIFICATE-----
- Save this file as
cert_with_key_and_ca.pem
- Run
xpisign -k cert_with_key_and_ca.pem unsigned.xpi signed.xpi
- Drag & Drop the
signed.xpi
into Firefox and you should see the author name where before there was a (Author not verified) message next to the extension name.