|
Thawte代码签名证书支持多用途多平台常见问题问题
|
| 以下常见问题问题根据Thawte网站上有关内容整理翻译,点击 这里 查看原文(英文)。 |
| 1. 简介 Introduction |
只有Thawte才支持购买一个证书可以同时用于微软代码签名、微软Office宏签名、NetScape代码签名、Apple代码签名签名和Marimba代码签名。可惜的是,由于Java代码代码签名证书不能与以上平台互通而无法做到全支持。本使用指南为您提供了如何支持多平台签名的使用方法。
It is possible to buy one Developer Certificate from thawte and to use it for Microsoft Authenticode, Microsoft Office 2000/VBA Macro Signing, Netscape Object Signing, Apple Code Signing and Marimba Channel Signing. Unfortunately Java code signing certificates are still not interoperable with these platforms. There are a variety of ways to take advantage of the interoperability of thawte Code Signing Certificates. We've outlined what we believe to be the best method below. |
| |
| 2. 什么是多用途代码签名证书?What are "multi-purpose" code signing certificates? |
答:一般的代码签名证书只能用于某个指定的平台(如VeriSign),但Thawte多用途代码签名证书可以多个应用平台,这样您就不用为每个应用平台购买多个签名证书而节省费用!如:您可以只购买微软多用途代码签名证书就可以同时用于签名NetScape代码、Office宏代码、Apple(苹果)代码等。
thawte multi-purpose code-signing certificates can be used by more than one code signing application, so you do not have to buy a certificate for each application you want to sign! For example, you can request an MS Authenticode certificate, and use it for Netscape code-signing, Office VBA applications, Apple, etc. |
| |
| 3. 为何Thawte的多用途代码签名证书能支持多种签名技术? How does your multi-purpose certificate support multiple signing technologies? |
答:一个签名证书能做什么是基于证书标准X.509v3中的扩展字段来决定的,而Thawte工程师已经研究出如何在一个证书中包含支持多个平台所需的字段,这样所有开发平台都能读出证书有关信息而支持各种开发平台。
What digital certificates can do is based on the X509v3 extensions contained in them. Our engineers have worked out how to include all the required code-signing extensions in one certificate. So, each type of developer certificate has the X.509v3 extensions of the other developer certificate types, and can be understood across those applications. |
| |
| 4. 我如何申请多用途代码签名证书? How do I request a Multi-purpose code signing certificates? |
| 答:请使用WoTrust为您提供的Thawte数字证书在线申请系统申请,在申请时请选择:Microsoft Authenticode (Multi-Purpose) Certificate (微软多用途签名证书)即可。 |
| |
| 5. 为何要备份我的私钥文件(.pvk)? How do I backup my Private Key (.pvk file)? |
答:用户遇到最多的问题是私钥问题,如果您丢了私钥或忘了私钥密码,您就无法使用代码签名证书。为了避免此类事情的发生,您一定要备份您的私钥文件.pvk,并在笔记本上记下私钥密码。WoTrust建议用户把私钥文件.pvk和公钥证书(.spc)文件合并为一个Windows支持的.pfx格式文件并导入Windows证书存储区,不仅签名方便,还不用记密码,请参考转换指南。
By far the most common problem users have when going through this process is related to Private Keys (.pvk file). If you lose or cannot access a Private Key, you cannot use the Certificate we issue to you. To ensure this never happens, we advise that a backup of the Private Key file is made and that a note is made of the password that is used to protect the export of the Private Key. |
| |
| 6. 我可以使用NetScape代码签名证书来签名微软代码? How do I use a Netscape Object-Signing Certificate for Microsoft Authenticode? |
答:是的,Netscape代码签名证书中也含有支持微软代码签名的扩展字段,您只有使用NetScape浏览器导出签名证书为.p12(.pfx)格式证书后,在导入到IE浏览器中即可。
Netscape Object-Signing certificates also contain the Microsoft code-signing extension. It is possible to sign a Netscape file with a converted Microsoft Authenticode certificate. |
| |
| 7. 我可以使用NetScape代码签名证书来签名Java代码吗? Can I use a Netscape Object-Signing Certificate for Java Code Signing? |
答:是的,详细的签名指南,请查询知识库:vs32901.
Yes, you can. For detailed instructions on how to do so, follow the instructions listed in KB solution: vs32901 |
| |
| 8. 我可以使用微软代码签名证书来签名NetScape代码吗? Can I use a MS Authenticode/Office 2000 certificate for NS Object-Signing? |
答:是的,详细的签名指南,请查询知识库:vs23028.
Yes, you can. Our Microsoft Authenticode certificates also contain the Netscape Object-Signing X509v3 extensions. For detailed instructions on how to do so, follow the instructions listed in KB solution: vs23028 |
| |
| 9. 我可以使用微软代码签名证书签名Java代码吗? Can I use a MS Authenticode/Office 2000 certificate for Java Code Signing? |
答:是的,详细的签名指南,请查询知识库:vs10593。
Yes, you can. For detailed instructions on how to do so, follow the instructions listed in KB solution: vs10593 |
| |
| 10. 为何不能使用Java代码签名证书来签名其他平台代码? Why can't I use JavaSoft certificates with the other code-signing technologies? |
答:Java代码签名证书被导入到JKS Keystore后把私钥和签名证书绑在一起了,而其他平台无法识别其私钥文件而无法从keystore中导出。
JavaSoft Certificates are imported into JKS keystores which contain the private key attached to the Certificate. Unfortuntately the private key is in a format that cannot be understood by other signing applications and cannot be exported in a different format from the keystore. |
| |
| 11. 为何无法从IE中导出我的签名证书(提示无法导出私钥)? The option to export my key from IE in PKCS#12 format is greyed out! |
| 答:有两种可能: There are two possible causes for this error, please check all of the following: |
(1) 您在导入证书时设置为不可导出的私钥,缺省是不可导出的,主要是为了防止有人偷导出您的私钥;
When a certificate is imported into the Internet Explorer certificate store, one is prompted to mark the key as exportable/non-exportable, and this error is displayed when the key is not marked as exportable during this process. If the key is not marked as exportable this setting cannot be altered at a later stage. |
(2) 您只把公钥证书导入到浏览器中,并没有同时导入私钥,您在收到公钥证书后必须把公钥证书(.spc)文件和私钥文件(.pvk)转换成.pfx格式才能正确导入到浏览器中。请参考转换指南。
This error is displayed if the certificate file is not attached to the private key file, as only the certificate file has been imported into Microsoft Internet Explorer's certificate store. If one imports only the certificate file Internet Explorer will not automatically attach it to the private key file it corresponds to. |
| |
| 13. 如何导出证书为.p12格式? Export the Certificate and Key to a .p12 |
答:在IE浏览器的“工具”-“Internet选项”-“内容”-“证书”-“个人”中选中您要导出的证书,点击“导出”即可。
In Internet Explorer, click on Tools > Internet Options > Contents > Certificates. Export the certificate to a .pfx (PKCS#12) file. During the process indicate, using the appropriate checkbox, that you would like to export the private key as well. |
| |
| 14. 如何导入到NetScape中? Import Into Netscape |
答:把从IE中导出的.pfx格式证书导入NetScape浏览器即可。请注意:NetScape要求证书有一个“好记的名称”,您在从IE浏览器导出证书之前,请先选中该证书,点击下面的“查看” ,再点击“详细信息”-“编辑属性”,就可以为您的证书命名一个好记的名称,然后再导出证书。
Follow the instructions to add the PKCS#12 file to your Netscape browser. A side effect of importing a MSIE .pfx file is that the "friendly name" that appears in the Netscape certificate list and with which you reference the certificate with is decidedly not friendly! |
| |
| 15. 如何导入证书到苹果机中?Import into Apple |
答:如果您要使用Apple代码签名证书,您需要先在Windows中把证书导出为.p12(.pfx)格式文件,再导入到苹果机的证书链(keychain)窗口中,会提示您输入证书私钥密码,之后会提示您是否需要输入一个密码来保护您的签名证书,强烈建议您设置一个密码来保护您的Apple代码签名证书。
If you wish to use your certificate for Apple Code Signing you need to start this process on the Windows platform because IE for the Mac does not support code signing certificates. Once the key is exported to the .p12 format (PKCS#12) you should be able to import it onto the keychain. In the Finder, open the certificate backup file you created in the above step or drag the backup file out of the Finder and drop it onto an open, unlocked keychain window. You will be prompted for the password for the backup file. Once you enter that password, the keychain will ask whether you want to protect your signing certificate with a password. With this added protection, you will be prompted for your password with every use of your Apple Code Signing Certificate. Note: It is strongly advised that you protect your Apple Code Signing Certificate in your keychain with this additional password.
|
。 |
