makecert.exe problem with special characters,...

[Kerem Gümrükcü]

Hi,

well, i am pretty sure that you noticed that i do have
a difficult name "Gümrükcü" and i am pretty stuck
on the makecert.exe, because it deformes my name
really bad. Invoking makecert.exe with "-n" Parameter
"CN=Kerem Gümrükcü;[email protected]", the result
looks like that:

http://www.pro-it-education.de/staff/keremg/misc/makecert_name_issue.jpg

Well, i am running that from a BAT File and automated the signing process
in that way, whenever my application is build successfully. The point is
that
my name isn't displayed "Gümrükcü" and the "ü" is replaced by a
superscripted
three. Looks like G3mr3kc3. At first i tried to replace the "ü" with "\x81"
but
didnt work. I am sure that there must be some way in repleacing the "ü" with
something so it will use it the right way in the certificate,...but how?
Dude,
this is basic windows knowledge,...(sigh), i know...but i could not find any
useful answer to my question by using google,...

Another question i have is, how i can supress the dialog box prompting
for Password when makecert.exe is running the first time to create the
files. Is there any command line switch i can use to pass the Password?

Thanks in advance,...

Regards

Kerem

 

[boris]

Hi,

well, i am pretty sure that you noticed that i do have
a difficult name "Gümrükcü" and i am pretty stuck
on the makecert.exe, because it deformes my name
really bad. Invoking makecert.exe with "-n" Parameter
"CN=Kerem Gümrükcü;[email protected]", the result
looks like that:

http://www.pro-it-education.de/staff/keremg/misc/makecert_name_issue.jpg

Well, i am running that from a BAT File and automated the signing process
in that way, whenever my application is build successfully. The point is
that
my name isn't displayed "Gümrükcü" and the "ü" is replaced by a
superscripted
three. Looks like G3mr3kc3. At first i tried to replace the "ü" with
"\x81" but
didnt work. I am sure that there must be some way in repleacing the "ü"
with
something so it will use it the right way in the certificate,...but how?
Dude,
this is basic windows knowledge,...(sigh), i know...but i could not find
any
useful answer to my question by using google,...

Another question i have is, how i can supress the dialog box prompting
for Password when makecert.exe is running the first time to create the
files. Is there any command line switch i can use to pass the Password?

Thanks in advance,...

Regards

Kerem

Hi,

I think, this will work:

1. With Notepad create a new empty text file (for example, a.txt) - don't
close Notepad yet;
2. Paste text: "CN=Kerem Gümrükcü;[email protected]" into Notepad;
3. Select Save as (in Notepad) and select UTF-8 encoding;
4. Close and re-open a.txt in Notepad (this step may be unnecessary);
5. Now in VS command window type:

makecert -n "

then copy and paste contents of a.txt (that is open in Notepad) onto command
line.

Add:

" -ss mynametest

Hit enter to execute the above command line.
6. Open Certificates MMC snap-in and inspect new certificate: mynametest -
it should be OK now.

Boris

 

[boris]

Hi,

I think, this will work:

1. With Notepad create a new empty text file (for example, a.txt) - don't
close Notepad yet;
2. Paste text: "CN=Kerem Gümrükcü;[email protected]" into Notepad;
3. Select Save as (in Notepad) and select UTF-8 encoding;
4. Close and re-open a.txt in Notepad (this step may be unnecessary);
5. Now in VS command window type:

makecert -n "

then copy and paste contents of a.txt (that is open in Notepad) onto
command line.

Add:

" -ss mynametest

Hit enter to execute the above command line.
6. Open Certificates MMC snap-in and inspect new certificate: mynametest -
it should be OK now.

Boris

Correction: enclosing double-qoutes might need to be in a.txt also: so
they're also UTF-8 encoded. So, instead of typing them in VS cmd windows -
just get the double-quoted string from Notepad.

Boris

 

[Kerem Gümrükcü]

Sorry, this doesnt work,....:-( any
more ideas?

Regards

Kerem

 

[Kerem Gümrükcü]

Hi,

well, i dont work with the VS Command Windows.
I run these scripts straight from the windows shell
with a cascaded bat file, that calls makecert, signtool, etc,...
in a chain but only the makecert.exe and my name do have
the problem,...

Regards

Kerem

 

[boris]

Sorry, this doesnt work,....:-( any
more ideas?

Regards

Kerem

Hi Kerem,

Sorry for all that Notepad stuff (which isn't necessary) - it just works on
Vista. See below.

It works for me. I'm running VS2005 SP1 on Vista SP1.

Here are commands (last step is "signtool verify" command that displays your
name correctly):

C:\Program Files\Microsoft Visual Studio 8\VC>makecert -n "CN=Kerem
Gümrükcü;[email protected]" -ss borisnametest4 -sv
c:\TEMP\borisnametest4.pvk c:\TEMP\borisnametest4.cer

C:\Program Files\Microsoft Visual Studio 8\VC>pvk2pfx -pvk
c:\temp\borisnametes4.pvk -spc c:\temp\borisnametest4.cer -pfx
c:\temp\borisnametest4.pfx -po alpha

C:\Program Files\Microsoft Visual Studio 8\VC>signtool sign /f
c:\temp\borisnametest4.pfx -p "alpha" "c:\temp\smb2
sample\server\myserver\debug\myserver.exe"


C:\Program Files\Microsoft Visual Studio 8\VC>signtool verify /a /v
"c:\temp\smb2 sample\server\myserver\debug\myserver.exe"

Verifying: c:\temp\smb2 sample\server\myserver\debug\myserver.exe
Unable to verify this file using a catalog.
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
Signing Certificate Chain:
Issued to: Root Agency
Issued by: Root Agency
Expires: 12/31/2039 3:59:59 PM
SHA1 hash: FEE449EE0E3965A5246F000E87FDE2A065FD89D4

Issued to: Kerem Gumrukcu
Issued by: Root Agency
Expires: 12/31/2039 3:59:59 PM
SHA1 hash: ECA20E9C3B53BCA8DF9D95B66A61C0BB39676247

File is not timestamped.
SignTool Error: File not valid: c:\temp\smb2
sample\server\myserver\debug\myserv
er.exe

Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1

Boris

 

[Stefan Kuhr]

Hi Kerem,

Hi,

well, i am pretty sure that you noticed that i do have
a difficult name "Gümrükcü" and i am pretty stuck
on the makecert.exe, because it deformes my name
really bad. Invoking makecert.exe with "-n" Parameter
"CN=Kerem Gümrükcü;[email protected]", the result
looks like that:

http://www.pro-it-education.de/staff/keremg/misc/makecert_name_issue.jpg

Well, i am running that from a BAT File and automated the signing process
in that way, whenever my application is build successfully. The point is
that
my name isn't displayed "Gümrükcü" and the "ü" is replaced by a
superscripted
three. Looks like G3mr3kc3. At first i tried to replace the "ü" with
"\x81" but
didnt work. I am sure that there must be some way in repleacing the "ü"
with
something so it will use it the right way in the certificate,...but how?
Dude,
this is basic windows knowledge,...(sigh), i know...but i could not find
any
useful answer to my question by using google,...

Another question i have is, how i can supress the dialog box prompting
for Password when makecert.exe is running the first time to create the
files. Is there any command line switch i can use to pass the Password?

Thanks in advance,...

Regards

Kerem

It looks like this is a OEM-to-Windows codepage conversion problem. The
ü Umlaut character is character 252 in Windows Codepage 1252. However,
the value 252 corresponds to the superscripted 3 in OEM codepage 850. If
we look up the value for the ü Umlaut in OEM codepage 850, we find it is
129 which is a reserved value in Windows Codepage 1252. So you obviously
can't just use the value 129. Is it possible that you write a program
that calls makecert with a Unicode commandline or an ANSI program that
calls AnsiToOem or OemToAnsi (don't know which one, most probably
AnsiToOem)?

Or another alternative is to use good old edit.com to edit your batch file.

 

[Alexander Grigoriev]

Correction: enclosing double-qoutes might need to be in a.txt also: so
they're also UTF-8 encoded. So, instead of typing them in VS cmd windows -
just get the double-quoted string from Notepad.

Boris

For lower 127 characters, UNICODE is the same as ANSI. Double quotes in
UTF-8 will be the same single characters as in ANSI.

 

[Alexander Grigoriev]

Judging by its imported symbols, makecert is an UNICODE app. But CMD.EXE
environment may screw things up. First, create a .CMD (not BAT) file and
make it UNICODE in NOTEPAD. Then, run the CMD file by:

cmd.exe /u /c file.cmd

See it that helps.

 

[Kerem Gümrükcü]

Hi Alexander,

sorry, i didnt work :-(.

Well, i am reall a lillte confused, since i
found out that something that trivial could
lead to such a big problem,...

Regards

Kerem

 

[Kerem Gümrükcü]

Hi,

well, i solved that, even though it is kinda unsual.
These are the steps:

1. I created a UNICODE textfile with Notepad and then
saved it to a directory of my choice.

The textfile includes this in my case:

"C:\program files\Microsoft SDKs\Windows\v6.1\Bin\makecert.exe" -sv
"C:\projects\MyTestApp\CodeSigning\MyTestAppKey.pvk" -n "CN=Kerem
Gümrükcü;[email protected]"
"C:\projects\MyTestApp\CodeSigning\MyTestAppCertificate.cer"

2. I renamed the new textfiles extension to *.cmd. In my case its
"makecert.cmd"

3. then i created a second file named "Build Certificate.bat" and saved it
as UNICODE too.

The file contains this:

cmd /U /C "more makecert.cmd | cmd"

As others here gave me good advise with the /U /C parameters, i create
a UNICODE Environment Console for further processing and then execute
the "more" command inside the UNICODE cmd shell and redirect the output
with the pipe redirection operator to the next cmd shell Console.
After processing the other steps (cert2spec,pvk2pvx,singtool,etc,...) i get
this
on my executable:

http://www.pro-it-education.de/staff/keremg/misc/certificate_name_problem_solved.jpg

Now i am happy,...hope this helps others and thanks to all replies!

Regards

Kerem