
Code signing with a Certum (Unizeto) code signing certificate

joscha edited this page Dec 30, 2014 · 1 revision

If you have an Open Source project, you can get a free code signing certificate from Unizeto.

The steps to get the certificate itself are described in detail here.

Once you have the certificate, do the following:

  • Get the private key from your browser (e.g. download it as .p12 from your keychain, do not set a password) and convert it into PEM format via: openssl pkcs12 -in key.p12 -nodes -out private.key -nocerts
  • Open your .pem file that you downloaded from Unicert, add your private key beneath it, and the Public Key of Certum Level III CA from here beneath the private key, so it looks like this:
-----BEGIN CERTIFICATE-----
[your certificate from Certum]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[the private key you just converted from the .p12 file from your keychain]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[the Certum Level III CA public key you just downloaded]
-----END CERTIFICATE-----
  • Save this file as cert_with_key_and_ca.pem
  • Run xpisign -k cert_with_key_and_ca.pem unsigned.xpi signed.xpi
  • Drag & Drop the signed.xpi into Firefox and you should see the author name where before there was a (Author not verified) message next to the extension name.
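
Because the bundle is assembled by hand and holds an unencrypted private key (the -nodes export), it is worth checking before running xpisign. The script below is an added example, not part of the original page or of xpisign; its function names are made up here, and accepting the PKCS#8 "PRIVATE KEY" label is an assumption.

```sh
#!/bin/sh
# Added example: sanity checks for cert_with_key_and_ca.pem before xpisign.
# Function names are this example's own, not part of xpisign or openssl.

# Print the PEM block labels in file order, comma separated.
bundle_layout() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | paste -sd, -
}

# Succeed only for the order shown on the page: certificate, private key, CA.
# Assumption: the PKCS#8 label "PRIVATE KEY", which newer openssl pkcs12
# versions write instead of "RSA PRIVATE KEY", is accepted as well.
layout_ok() {
    case "$(bundle_layout "$1")" in
        "CERTIFICATE,RSA PRIVATE KEY,CERTIFICATE") return 0 ;;
        "CERTIFICATE,PRIVATE KEY,CERTIFICATE") return 0 ;;
        *) return 1 ;;
    esac
}

# The key in the bundle is not password protected, so group and others
# must have no permission bits on the file (mode 600 or stricter).
private_to_owner() {
    [ "$(ls -lL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Compare the public key in the first certificate with the one derived from
# the private key; a mismatch means the wrong key was pasted into the bundle.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Run all three checks and report the first one that fails.
check_bundle() {
    layout_ok "$1" || { echo "unexpected block order: $(bundle_layout "$1")" >&2; return 1; }
    private_to_owner "$1" || { echo "too permissive, run: chmod 600 $1" >&2; return 1; }
    key_matches_cert "$1" || { echo "private key does not match certificate" >&2; return 1; }
    echo "bundle OK"
}

# Usage: sh check_bundle.sh cert_with_key_and_ca.pem
if [ "$#" -eq 1 ]; then
    check_bundle "$1"
fi
```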