好人勿用™


The Modern Tiger Tally - CA (Certificates)

For a project...
EV CA Survey for Phoenix

Extended validation code signing certificates
(required for UEFI, kernel-mode drivers, and LSA certifications)

https://msdn.microsoft.com/en-us/library/windows/hardware/hh801887(v=vs.85).aspx

ComboStyle™: buying a CA certificate for the first time and getting it right...

 The cheap and generous option... DigiCert!!!
 US 479 (NT15,989) for 3 years


https://www.digicert.com/friends/sysdev/

Step1: Fill in the order form
DigiCert Order Form - Purchase Digital Certificates
https://www.digicert.com/order/order-1.php

Step2: Business listing for the organization

 Digicert will need your organization to be listed on the Dun and Bradstreet (D&B),
Google My Business, or Data.com Connect business directory.
Please follow one of the links below to list your company:
Data.com Connect - https://connect.data.com/
Google My Business - https://www.google.com/business/ 
                                  (must be Google My Business, Google+ is not sufficient)
https://goo.gl/kTKVFQ
(The phone number listed in Google My Business is very important...)

Step3: Verification by Phone Call

(:-P DigiCert will call the company's phone number and confirm your identity in English)

Step4: Legal Review
Section 4.9.1 of our Certificate Policy, which coincides with the Baseline Requirements for issuance of certificates for all Certificate Authorities, states the following regarding circumstantial situations associated with revocation:
https://www.digicert.com/docs/cps/DigiCert_CP_v410-Sept-12-2016-signed.pdf
"For code-signing certificates, the certificate was used to sign, publish, or distribute malware or
other harmful content, including any code that is downloaded onto a user’s system without their consent."
EV Code Signing certificates are under strict scrutiny for being associated with PUP, Malware and/or
Adware among other things. Microsoft has specifically requested we not issue any EV Certificates to entities with confirmed instances.
(8-) Even a large company runs the risk of being turned down...)

Step5: HSM Audit Letter Sign

@ EV Code Signing HSM Audit Letter


Step6: Delivery signed for @ 2016.12.16


Step7: Activate the eToken
Activate Your EV Code Signing Hardware
https://www.digicert.com/code-signing/ev-code-signing-certificate-installation.htm

SafeNet eToken 5110 Token-Based Authentication

Token category: Hardware
Reader name: AKS ifdh 0
Serial number: 0x02538d1a
Total memory capacity: 81920
Free space: 32767
Hardware version: 12.0
Firmware version: 12.0
Card ID: 02538D1A
Product name: SafeNet eToken 5110
Model: Token 12.0.0.0 12.0.12
Card type: Java Card
OS version: eToken Java Applet 1.7.7
Mask version: 10.0 (a.0)
Color: Black
Supported key size: 2048 bits
Token Password: Present
Token Password retries remaining: 10
Maximum Token Password retries: 10
Administrator Password: Absent
FIPS: FIPS 140-2 L3 initialized
Common Criteria: N/A
Sign padding on-board: Yes
RSM: N/A
ECC: Supported

 
Once you have installed the driver software, insert the token and change the password.
The current password that you will need to enter is: kDIRyNnVG7EhIhWG
*Note: Your pre-assigned password will only be visible once. Make sure to take note of this password so you can access the certificate on your token.


a.) Install the Device Driver and Client Software
      https://www.digicert.com/code-signing/safenet-client-installation.htm
b.) Change your eToken's password
      https://www.digicert.com/code-signing/changing-secure-token-password.htm



Step8: Study...
 How it Works



Step9: Downloading the Code Signing Cross-Certificate

Before you can use Signtool to sign applications, you need to download the DigiCert Code Signing Cross-Certificate on the computer where you installed your Code Signing Certificate. You will need to specify this certificate in Signtool.

Click here to download the DigiCert Code Signing Cross-Certificate

 All DigiCert® SSL Certificates issued with expiration dates after January 2011 are issued from a 2048-bit certificate path. The root certificate in this path is titled DigiCert High-Assurance EV Root CA and is already trusted by all modern browsers.

Cross-Certificates for Kernel Mode Code Signing
https://msdn.microsoft.com/zh-tw/windows/hardware/drivers/install/cross-certificates-for-kernel-mode-code-signing



https://www.digicert.com/ssl-support/windows-cross-signed-chain.htm

Step10: Signtool in practice
Sign with cross-certificate for SHA1&SHA256


eToken password


Successfully Signed!!!
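
The signing flow of Step9 and Step10 as a script. This is an added example, not code from the original post. It dual-signs one file (SHA-1 first, then an appended SHA-256 signature) with the cross-certificate passed via `/ac`, then verifies the result. The paths, the subject name `Example Corp`, the cross-certificate file name and the timestamp URL are assumptions. The token client is expected to prompt for the eToken password when the key is used.

```powershell
# Added example: dual-sign a kernel-mode binary with an EV certificate on the eToken.
# Assumed values (not from the original post): every path, the subject name,
# the cross-certificate file name and the timestamp server URL.
$ErrorActionPreference = 'Stop'

$SignTool  = 'signtool.exe'                      # from the Windows SDK/WDK, on PATH
$CrossCert = 'C:\certs\digicert-cross-cert.crt'  # placeholder: cross-certificate downloaded in Step9
$Subject   = 'Example Corp'                      # placeholder: subject name of the EV certificate
$Target    = 'C:\build\example.sys'              # placeholder: file to sign
$Timestamp = 'http://timestamp.digicert.com'     # assumed DigiCert timestamp server

function Invoke-SignTool {
    param([string[]]$Arguments)
    # Run signtool and stop the script on any non-zero exit code,
    # so a failed signature never goes unnoticed in a build.
    & $SignTool @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "signtool $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

# 1) Primary signature: SHA-1 file digest, Authenticode timestamp (/t).
#    /ac adds the cross-certificate to the signature block.
Invoke-SignTool -Arguments @('sign', '/v', '/ac', $CrossCert, '/n', $Subject,
                             '/fd', 'sha1', '/t', $Timestamp, $Target)

# 2) Appended signature (/as): SHA-256 file digest, RFC 3161 timestamp (/tr, /td).
Invoke-SignTool -Arguments @('sign', '/v', '/as', '/ac', $CrossCert, '/n', $Subject,
                             '/fd', 'sha256', '/tr', $Timestamp, '/td', 'sha256', $Target)

# 3) Verify against the kernel-mode driver signing policy (/kp), which checks
#    that the chain reaches the Microsoft root through the cross-certificate.
Invoke-SignTool -Arguments @('verify', '/v', '/kp', $Target)

# 4) Verify every signature in the file (/all) with the default
#    Authenticode policy (/pa), so both the SHA-1 and SHA-256 entries are checked.
Invoke-SignTool -Arguments @('verify', '/v', '/pa', '/all', $Target)
```

Timestamping both signatures keeps them verifiable after the certificate's validity period ends.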


Step11: DigiCert® Certificate Utility for Windows
Certificate Management & Troubleshooting Made Easy

https://www.digicert.com/util/

The Utility simply mirrors information that is in the personal certificate store of the local computer account, where the utility is being run.
Likely one is the main cert and one is a duplicate certificate of that main one. Nothing is wrong with having more than one certificate on the server.
Likely any one of them could be used, as long as they both have the private key for each certificate, and the name you need to secure is listed on the certificate.

LIVE CHAT

https://www.digicert.com/contact-digicert-inc.htm




Step13: Ending
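To close this post on buying a CA certificate for the first time...

The tiger tally (虎符) was the credential used in ancient times to dispatch troops or to prove one's identity!!!

(The tiger tally has nothing whatsoever to do with Comrade 清虎...)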


International Driving Permit + ESTA
http://blog.yam.com/combo/article/86130510

RSA (Cryptosystem)
http://blog.yam.com/combo/article/123711051

EV Shield

Combo™ Huang

Buying a CA certificate for the first time, done right

@ 12/25, Constitution Day

http://www.catalog.update.microsoft.com/home.aspx
