Hi, I tried to use my SSL in PFX format with a password but I am getting this error:
Certificate validation found following warnings: Enhanced key usage "Code signing" not found in certificate
Can anyone advise what this error means?
Hi Roy,
“code signing” is one of the possible extended keys found in an x509 certificate. You can view the x509 certificate with common tools such as openssl or keytool. openssl command:
openssl x509 -in <your certificate> -text -noout
Be sure to run this on the x509 certificate, not the PFX bundle which contains multiple x509 certificates. If it was created with the code signing you will see it listed in the output. Code signing is not enabled by default and must be specified when creating the x509 certificate prior to sending it to be signed by a CA.
Please see the following IFS documentation on the topic. Quote:
Code Signing
Validates that the code signed with this certificate is tied to the company named in the certificate.
The requirement from IFS side is a Domain Validated Server Certificate. Normally a Domain Validated Server Certificate can be used for code signing with F1mage in the installer. The installer will not warn if the OHS certificate is used for client signing by F1mage even if the Certificate is not registered as a code signing certificate. [<omitted>
The more accurate way of signing the IEE client with F1mage is to have a separate code signing certificate for IEE.
As indicated here, if you do not specify a separate certificate for signing the ClickOnce package via F1Mage and just use the same certificate as the web server then this step can be completed even if the web server certificate is not enabled for code signing.
Best regards -- Ben
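The check described above (inspect the leaf certificate, not the PFX bundle) can be scripted as follows. This is an added example, not part of the post or of the IFS documentation; the function names are hypothetical and the sample certificates are throwaway self-signed ones constructed for the demo. It assumes an `openssl` CLI that supports `-addext` (OpenSSL 1.1.1 or later).

```bash
# Added example (not from the thread): check the leaf certificate inside a PFX
# for the Code Signing EKU. Function names and sample data are constructed.

# Write only the leaf certificate from a PFX to a PEM file.
# -clcerts skips the CA certificates that are also stored in the bundle.
pfx_leaf_cert() {   # usage: pfx_leaf_cert <file.pfx> <password> <out.pem>
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null |
    openssl x509 -out "$3"
}

# Exit 0 if the Extended Key Usage extension lists Code Signing.
has_code_signing() {   # usage: has_code_signing <cert.pem>
  openssl x509 -in "$1" -noout -text |
    grep -A1 'X509v3 Extended Key Usage' | grep -q 'Code Signing'
}

# Constructed sample input: throwaway self-signed certificate with the given
# EKU list, bundled with its key into a password-protected PFX.
make_sample_pfx() {   # usage: make_sample_pfx <dir> <name> <eku-list> <password>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example.test" \
    -addext "extendedKeyUsage=$3" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
    -passout "pass:$4" -out "$1/$2.pfx"
}

# Verdict for one PFX: 0 = EKU present, 1 = EKU missing, 2 = PFX unreadable.
check_pfx() {   # usage: check_pfx <file.pfx> <password>
  leaf=$(mktemp) || return 2
  if ! pfx_leaf_cert "$1" "$2" "$leaf" 2>/dev/null; then
    rm -f "$leaf"; echo "$1: cannot read leaf certificate"; return 2
  fi
  if has_code_signing "$leaf"; then rc=0; msg=present; else rc=1; msg=missing; fi
  rm -f "$leaf"; echo "$1: Code Signing EKU $msg"; return "$rc"
}

# Demo: a server-only certificate, then one that also carries codeSigning.
d=$(mktemp -d)
make_sample_pfx "$d" web serverAuth constructed-pw &&
  check_pfx "$d/web.pfx" constructed-pw || true
make_sample_pfx "$d" signer serverAuth,codeSigning constructed-pw &&
  check_pfx "$d/signer.pfx" constructed-pw || true
rm -rf "$d"
```

Running `check_pfx` on the PFX returned by the CA shows whether the signed certificate kept the EKU that was requested in the CSR.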
Hi Ben,
Actually, we are facing the same problem. From what I've discovered, the CA does not allow “Code Signing” inside SSL certificates anymore since 2023. Actually, Code Signing is delivered by HSM or physical support, and I don’t think that IFS MW can accept this type of certificate.
We have created the CSR with Code Signing as specified inside the IFS documentation here:
And sent it to the CA for signing.
But what we received back is not accepted by MW because Code Signing is missing.
Any ideas?
Regards
Christian