James Teh edited this page Nov 9, 2015 · 1 revision

Using a Self-signed Certificate

In order to access applications running as administrator in Windows Vista and later, NVDA must have the uiAccess privilege, which requires that it be signed by a trusted authenticode certificate. Such a certificate can be purchased from various certified certificate authorities.

You can also generate a self-signed certificate. However, copies of NVDA signed by a self-signed certificate will not function on systems where it is not installed as a trusted root certificate, so this is only suitable for personal use.

Following are instructions on how to generate and install a self-signed certificate. This is not supported and should only be attempted by developers who know what they are doing and are aware of the risks. If the private key is compromised, this poses a serious security risk to your system. You have been warned. Please do not ask further questions on this topic.

Generating the Certificate

Obviously, the names and file names provided below can be adjusted.

  1. Open a Microsoft Windows SDK CMD Shell.

  2. To create the certificate:br

    makecert -r -n "CN=selfsigned" -sv selfsigned.pvk selfsigned.cert
  3. To convert it to the required formats:br

    cert2spc selfsigned.cert selfsigned.spc
    pvk2pfx -pvk selfsigned.pvk -spc selfsigned.spc -PFX selfsigned.pfx
  • You can now delete selfsigned.pvk.
  • selfsigned.pfx is the certificate containing the private key. It is used to sign executables.
  • selfsigned.spc only contains the public key. This is the certificate which must be installed on systems where you want to run signed executables.

Installing the Certificate

Use the following command:

    certutil -addstore root selfsigned.spc

Building NVDA Signed with the Certificate

Supply the pfx file in the certFile parameter when building NVDA with SCons. See readme.txt in the NVDA source distribution for details.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.