Defining an application as signed

WebClient Applications

Designing Security : Digitally signing files : How WebClient uses digital signatures : Defining an application as signed

Now that you have your keys and certificate, you can digitally sign an application.

1. Open the Generate dialog of the WebClient Application Assembler. For more information on this dialog, see Files generated by the WebClient Application Assembler.

2. Click Security, the Security dialog opens.

3. In the Digital signature for generated files section, select one the following options:

From registry: Select if the digital signature information resides in the registry.

From file: Select if the digital signature information resides in a certificate file, and you have a separate private key file.

We provide this option for the WebClient applications created on OpenEdge releases prior to 11.3, when the certificate and private key files were required separately. From OpenEdge 11.3 release, signtool.exe requires a Personal Information Exchange (PFX) file when signing from files. The WebClient Application Assembler uses pvk2pfx.exe to create a temporary PFX file and signs the cabinet files. It deletes the temporary file once the signing is complete.

From PFX File: Select if the digital signature information resides in a PFX file.

4. Enter the path for the signing tools in the Path To Signtool.exe.

Note: If you have set the environment variables (see Making Microsoft signing tools available to OpenEdge), OpenEdge populates the path in this field. You can also change the pre-populated value.

When you define an application as signed and you generate the application, the Application Assembler adds a copy of your public-key certificate to each cabinet file and digitally signs them.