Creating Self-Signed Certificates


Before you can sign your MSI file, you need a digital certificate. While self-signed certificates are typically not suitable for production software, they can be useful for development and testing purposes. Here's how to create a self-signed certificate:

There are many different techniques for creating a self-signed certificate, using various tools (such as makecert) and PowerShell commands. In this chapter we will show just one of them, which produces files suitable for use by RayPack.

$PublisherFriendlyName = "Raynet"; ### Replace with a friendly display name
$PublisherName = "CN=Raynet"; ### This must be a valid DN-string, see https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ldap/distinguished-names
$Password = "Password123"; ### Password that protects the exported .pfx file. Replace with your own
$OutputDirectory = "C:\RayPack\PackPoint\Certificates"; ### Where to save the files
$NotAfter = (Get-Date).AddDays(30);  ### The certificate will be valid for 30 days from today. Change accordingly

### Create the certificate in the current user's personal certificate store
$certificate = New-SelfSignedCertificate -NotAfter $NotAfter -Type Custom -KeyUsage DigitalSignature -Subject $PublisherName -FriendlyName $PublisherFriendlyName -CertStoreLocation 'Cert:\CurrentUser\my';
$securePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText;

$pfxFullPath = (Join-Path $OutputDirectory $PublisherFriendlyName) + ".pfx";
$cerFullPath = (Join-Path $OutputDirectory $PublisherFriendlyName) + ".cer";

### Create the output directory if it does not exist yet
if (-not (Test-Path $OutputDirectory))
{
    New-Item -Path $OutputDirectory -ItemType Directory | Out-Null;
}

### Export the certificate with its private key (.pfx) and the certificate alone (.cer)
$certificate | Export-PfxCertificate -FilePath $pfxFullPath -Password $securePassword | Out-Null;
$certificate | Export-Certificate -Type Cert -FilePath $cerFullPath | Out-Null;

### Remove the certificate from the current user's store
Remove-Item $certificate.PSPath;

The script does the following:

It creates a self-signed digital certificate, like a digital ID card for your software.

The certificate is configured with a name and an expiration date, and its exported .pfx file is protected with a password.

The certificate is saved as a .pfx file and a .cer file in the output folder on your computer.

After the certificate has been saved to these files, it is removed from the current user's certificate store.
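
To confirm that the two files match what the script was meant to produce before you use them for signing, the following check loads them and compares their properties. It is an added example, not part of the RayPack documentation; the paths, name and password repeat the script's sample values, and the list of checks is an assumption about what is worth verifying.

```powershell
# Added example: verify the .pfx/.cer pair written by the script above.
# Sample values copied from that script; replace them with your own.
$OutputDirectory = "C:\RayPack\PackPoint\Certificates"
$PublisherFriendlyName = "Raynet"
$PublisherName = "CN=Raynet"
$Password = "Password123"

$pfxFullPath = (Join-Path $OutputDirectory $PublisherFriendlyName) + ".pfx"
$cerFullPath = (Join-Path $OutputDirectory $PublisherFriendlyName) + ".cer"

# Load both files into memory; nothing is added to a certificate store.
$x509Type = "System.Security.Cryptography.X509Certificates.X509Certificate2"
$pfx = New-Object -TypeName $x509Type -ArgumentList $pfxFullPath, $Password
$cer = New-Object -TypeName $x509Type -ArgumentList $cerFullPath

# Locate the key usage extension that -KeyUsage DigitalSignature should have set.
$keyUsage = $pfx.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
}
$digitalSignature = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
$now = Get-Date

$checks = [ordered]@{
    "PFX contains the private key"         = ($pfx.HasPrivateKey)
    "CER contains no private key"          = (-not $cer.HasPrivateKey)
    "PFX and CER are the same certificate" = ($pfx.Thumbprint -eq $cer.Thumbprint)
    "Subject is $PublisherName"            = ($pfx.Subject -eq $PublisherName)
    "Self-signed (subject equals issuer)"  = ($pfx.Subject -eq $pfx.Issuer)
    "Key usage includes DigitalSignature"  = (($null -ne $keyUsage) -and
                                              $keyUsage.KeyUsages.HasFlag($digitalSignature))
    "Currently within validity period"     = (($now -ge $pfx.NotBefore) -and
                                              ($now -le $pfx.NotAfter))
}

$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) { Write-Output "PASS  $name" }
    else { Write-Output "FAIL  $name"; $failed++ }
}
Write-Output ("Thumbprint: {0}" -f $pfx.Thumbprint)
Write-Output ("Expires:    {0:yyyy-MM-dd HH:mm}" -f $pfx.NotAfter)

# Release the in-memory certificate objects before reporting the result.
$pfx.Dispose()
$cer.Dispose()
if ($failed -gt 0) { throw "$failed check(s) failed for $pfxFullPath" }
```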

 


Warning:

Such a certificate can be used for testing and development, but not for real-world security.