Tuesday, March 14, 2023
HomeReactPutting in a Code Signing Cert from Sectigo (to signal an Electron...

Putting in a Code Signing Cert from Sectigo (to signal an Electron app on Home windows)

So, you obtain a code signing certificates on your Electron app. One step nearer to with the ability to launch your app on Home windows. Congrats!

Lastly, 3 weeks later, after just a few telephone calls, Sectigo issued the certificates. Woohoo! The e-mail went to spam and also you didn’t see it for 3 days, however hey, we’re making progress.

Of their e mail, they are saying in large pink letters that you will need to use Web Explorer to obtain it (or an historic model of Firefox).

And you then strive that, and it fails. As a result of whenever you ordered the cert, you didn’t use the on-page software that required utilizing an historic internet browser. You used OpenSSL to create your certificates signing request (CSR) and personal key.

So that you name them, and so they inform you to name your reseller. Wait – SectigoStore isn’t really owned by Sectigo? Haha nope, completely different firm.

However regardless of – their pretty dwell chat folks level you at this web page of directions for changing the code signing cert to a PFX, involving some kind of software that will or might not be linked from that web page.

So now you’re caught. Effectively, I used to be caught right here too. Right here’s what to do to obtain the code signing certificates to a PFX file that may really be used to signal some code.

  1. Obtain the certificates utilizing the hyperlink in your e mail, however don’t use Web Explorer. Use Chrome or Edge as an alternative. You’ll get a person.crt file.

IE (and presumably, historic Firefox, I didn’t strive) will attempt to set up the certificates into your system utilizing a non-public key that’s already put in. However you didn’t use IE within the first place, so that you don’t have a non-public key put in, which is why that failed.

  1. Convert the person.crt from the binary DER format that it got here with, right into a PEM format that OpenSSL can work with.

    openssl x509 -inform der -in person.crt -out person.pem

In case your person.crt file is already in PEM format, you may skip this step. PEM format is apparent textual content and begins with ------ BEGIN BLAH BLAH ------.

  1. Mix the PEM certificates with the non-public key and the Sectigo root/intermediate CA cert into one large PFX file. Get the Sectigo CA cert on the very backside of this web page that the useful SectigoStore chat particular person gave you.

    openssl pkcs12 -export -in person.pem -certfile SectigoRSACodeSigningCA.crt -inkey privatekey.key -out code-signing-cert.pfx

It’ll ask you for a password. Ensure to avoid wasting that someplace. You’ll want it to do the precise code signing.

If OpenSSL hangs for you (prefer it did for me, utilizing a Git Bash shell on Home windows 10), prepend the instructions with winpty.

And now, in case you haven’t forgotten your non-public key password, you ought to be all set! The code-signing-cert.pfx

From right here, since I’m utilizing electron-builder, I made a .env file within the root of the mission with 2 keys:


Run the construct, and hopefully code signing will work! Superior. Time to get again to actual work.

Success! Now verify your e mail.

Studying React could be a wrestle — so many libraries and instruments!
My recommendation? Ignore all of them 🙂
For a step-by-step method, try my Pure React workshop.

Pure React plant

Be taught to suppose in React

  • 90+ screencast classes
  • Full transcripts and closed captions
  • All of the code from the teachings
  • Developer interviews

Begin studying Pure React now

Dave Ceddia’s Pure React is a piece of monumental readability and depth. Hats off. I am a React coach in London and would completely suggest this to all entrance finish devs desirous to upskill or consolidate.

Alan Lavender

Alan Lavender




Please enter your comment!
Please enter your name here

Most Popular

Recent Comments