Category Archives: Signing

Get certificate information with openssl

To display certificate information of a certificate issue the command below:

openssl x509 -in certificate -text

Information about the certificate is displayed. Some important items are:

Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA

The Issuer is a CA that signed this certificate.

            Not Before: Feb  6 00:00:00 2015 GMT
           Not After : Feb 26 23:59:59 2016 GMT

The validity period of the certificate. Remember to renew your certificate before it expires!

Subject: OU=Domain Control Validated, OU=PositiveSSL,

The subject for this certificate. This certificate can be used for a website for the given CN.


Sign a MSI

Start a Visual Studio command prompt and create a test certificate with the command:

makecert -r -ss My -n “CN=Berend his Certificate” mycert.cer
-r create a self signed certificate.
This is a certificate without a certification path:

A regular certificate points to a Root agent:

-ss The store to use
-n The common name

Sign your MSI with this certificate:

signtool sign /n “Berend his Certificate” .msi

Result from signtool is something like:

Done Adding Additional Store
Successfully signed: .msi

You can display information about this certificate by following the steps in this article.

You can even check the public key (in C# code) by following the steps in this article.

Type certmgr.msc in a command prompt (or run command) and you will be directed to the Certification Manager snap-in. navigate to “Personal –> Certificates”; you can see your certificate created with MakeCert (command above) here: