{"id":262,"date":"2016-01-19T14:08:53","date_gmt":"2016-01-19T14:08:53","guid":{"rendered":"http:\/\/www.pkipartner.support\/?page_id=262"},"modified":"2016-01-28T10:32:17","modified_gmt":"2016-01-28T10:32:17","slug":"codesign-signing-an-xpi-windows","status":"publish","type":"page","link":"https:\/\/pkipartner.com\/support\/codesign-signing-an-xpi-windows\/","title":{"rendered":"Codesign &#8211; Signing an XPI (Windows)"},"content":{"rendered":"<h1>Signing an XPI (Windows)<\/h1>\n<p><span style=\"text-decoration: underline;\">How to sign Mozilla* Add-ons (XPI) with Windows 2000 and XP<\/span><\/p>\n<p>* Firefox, Sea Monkey, and Thunderbird<\/p>\n<p><strong>Signing Tools<\/strong><br \/>\n* <a href=\"ftp:\/\/ftp.mozilla.org\/pub\/mozilla.org\/security\/nss\/releases\/\">Network Security Service (NSS)<\/a><br \/>\nCurrent Windows Release: <a href=\"ftp:\/\/ftp.mozilla.org\/pub\/mozilla.org\/security\/nss\/releases\/NSS_3_11_RTM\/WINNT5.0_OPT.OBJ\/nss-3.11.zip\">nss-3.11.zip<\/a> as of 5 May 2006.<\/p>\n<p>* <a href=\"http:\/\/ftp.mozilla.org\/pub\/mozilla.org\/nspr\/releases\/\">Netscape Portable Runtime (NSPR)<\/a><br \/>\nCurrent Windows Release: <a href=\"http:\/\/ftp.mozilla.org\/pub\/mozilla.org\/nspr\/releases\/v4.6.4\/msvc6.0\/WINNT5.0_OPT.OBJ\/nspr-4.6.4.zip\">nspr-4.6.4.zip<\/a> as of 21 November 2006.<\/p>\n<p><strong>Documentation<\/strong><br \/>\n* <a href=\"http:\/\/www.mozilla.org\/projects\/security\/pki\/nss\/index.html#Documentation\">NSS<\/a><br \/>\n* <a href=\"http:\/\/www.mozilla.org\/projects\/nspr\">NSPR<\/a><br \/>\n* <a href=\"http:\/\/www.mozilla.org\/projects\/security\/pki\/nss\/tools\/\">NSS-Tools<\/a><\/p>\n<p><strong>Important Note:<\/strong> If the CA that signed your Code Signing Certificate is <strong>Comodo Code Signing CA<\/strong>, please contact support in order to re-issue your certificate off of <strong>Comodo Code Signing CA 2<\/strong>.<\/p>\n<p><strong>Signing Procedure<\/strong><\/p>\n<ul>\n<li>Extract Contents of both (NSS and NSPR) ZIP files to the same local folder, e.g. <strong>C:\\XPISign\\<\/strong><\/li>\n<\/ul>\n<p style=\"padding-left: 60px;\"><a href=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-1.png\" rel=\"attachment wp-att-598\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-598 size-full\" src=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-1.png\" alt=\"CodeSign XPI 1\" width=\"645\" height=\"36\" srcset=\"https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-1.png 645w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-1-300x17.png 300w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-1-250x14.png 250w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-1-150x8.png 150w\" sizes=\"(max-width: 645px) 100vw, 645px\" \/><\/a><\/p>\n<p style=\"padding-left: 60px;\">Add the NSS tools <strong>bin\/<\/strong> and <strong>lib\/<\/strong>, and the NSPR <strong>lib\/<\/strong> directories to the system path.<br \/>\n<em>set PATH=C:\\XPISign\\nss-3.11\\bin\\;C:\\XPISign\\nss-3.11\\lib\\;C:\\XPISign\\nspr-4.6.4\\lib\\; %PATH%<\/em><\/p>\n<p style=\"padding-left: 90px;\">\n<ul>\n<li><strong>More permanent approach:<\/strong> <em>Control Panel -&gt; System Properties-&gt; Advanced -&gt; Environment Variables -&gt; System Variables<\/em><\/li>\n<li>Create the certificate database.<br \/>\n<strong>-&gt; <\/strong>certutil -N -d .<\/p>\n<p><strong>Note: <\/strong>Decide which directory to create the database in as the dot (.) indicates your present working directory.<\/li>\n<\/ul>\n<p style=\"padding-left: 90px;\"><a href=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-2.png\" rel=\"attachment wp-att-597\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-597 size-full\" src=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-2.png\" alt=\"CodeSign XPI 2\" width=\"463\" height=\"90\" srcset=\"https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-2.png 463w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-2-300x58.png 300w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-2-250x49.png 250w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-2-150x29.png 150w\" sizes=\"(max-width: 463px) 100vw, 463px\" \/><\/a><\/p>\n<ul>\n<li>Install your certificate and its chain of trust.<\/li>\n<\/ul>\n<p style=\"padding-left: 60px;\">\n* Install Comodo&#8217;s Root Authenticode CA to the certificate database. (UTN-USERFirst-Object)<br \/>\n<strong>-&gt; <\/strong>certutil -A -n &#8220;UTN-USERFirst-Object&#8221; -t &#8220;TC,TC,TC&#8221; -d . -i &#8220;UTN-USERFirst-Object.crt&#8221;<\/p>\n<p>* Install Comodo&#8217;s Intermediate CA.<br \/>\n<strong>-&gt; <\/strong>certutil -A -n &#8220;Comodo Code Signing CA 2&#8221; -t &#8220;TC,TC,TC&#8221; -d . -i &#8220;COMODOCodeSigningCA2.crt&#8221;<\/p>\n<p>* Install your certificate (without its private key).<br \/>\n<strong>-&gt; <\/strong>certutil -A -n &#8220;My Code Signing Certificate&#8221; -t &#8220;u,u,u&#8221; -d . -i &#8220;my-cert.crt&#8221;<\/p>\n<p><strong>Note:<\/strong> All certificates for import should be in PEM format!<\/p>\n<p style=\"padding-left: 60px;\"><a href=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-3.png\" rel=\"attachment wp-att-596\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-596 size-full\" src=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-3.png\" alt=\"CodeSign XPI 3\" width=\"874\" height=\"71\" srcset=\"https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-3.png 874w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-3-300x24.png 300w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-3-768x62.png 768w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-3-250x20.png 250w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-3-150x12.png 150w\" sizes=\"(max-width: 874px) 100vw, 874px\" \/><\/a><\/p>\n<p>If you need to download our CAs in order to import them, you may do so by navigating <a href=\"https:\/\/support.comodo.com\/index.php?_m=downloads&amp;_a=view&amp;parentcategoryid=24\">here<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>Double-check if certificates were installed properly and available for object signing.\n<p><strong>Example Output: <\/strong><\/p>\n<p>-&gt; certutil -L -d . <strong>Certificate Check<\/strong><br \/>\n-&gt; signtool -L -d . <strong>Signtool check<\/strong><\/li>\n<\/ul>\n<p style=\"padding-left: 60px;\">\n<a href=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-4.png\" rel=\"attachment wp-att-595\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-595 size-full\" src=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-4.png\" alt=\"CodeSign XPI 4\" width=\"537\" height=\"127\" srcset=\"https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-4.png 537w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-4-300x71.png 300w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-4-250x59.png 250w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-4-150x35.png 150w\" sizes=\"(max-width: 537px) 100vw, 537px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>Export Code Signing Certificate in PKCS12 format (.p12\/.pfx)<br \/>\nExporting out of Firefox: <a href=\"https:\/\/support.comodo.com\/index.php?_m=knowledgebase&amp;_a=viewarticle&amp;kbarticleid=1221\">How do I backup my certificate with Firefox?<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ol>\n<li>Import PKCS12 file into your certificate database created earlier.<br \/>\n<strong>-&gt; <\/strong>pk12util -i &#8220;YOUR_P12_FILE_NAME.p12&#8221; -d .<\/p>\n<p><strong>Note:<\/strong> Still note the trailing .(dot)!<\/li>\n<\/ol>\n<p style=\"padding-left: 60px;\"><a href=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-5.png\" rel=\"attachment wp-att-594\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-594 size-full\" src=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-5.png\" alt=\"CodeSign XPI 5\" width=\"404\" height=\"56\" srcset=\"https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-5.png 404w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-5-300x42.png 300w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-5-250x35.png 250w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-5-150x21.png 150w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-5-400x56.png 400w\" sizes=\"(max-width: 404px) 100vw, 404px\" \/><\/a><\/p>\n<ul>\n<li>Double-check certificate is in the certificate database.<br \/>\n-&gt; certutil -L -d . <strong>Certificate Check<\/strong><\/p>\n<p><strong>Note:<\/strong> Your certificate should now have the u,u,u attributes.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li>Extract your XPI to it&#8217;s own directory using any program that support ZIP files.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li>Sign your XPI directory and create signed XPI file.<br \/>\n<strong>-&gt; <\/strong>signtool -d . -k &#8220;My Code Signing Certificate&#8221; -p PASS_GOES_HERE -Z &#8220;my-addon.xpi&#8221; -X XPI_DIR_HERE<\/li>\n<\/ul>\n<p style=\"padding-left: 60px;\"><a href=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-6.png\" rel=\"attachment wp-att-593\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-593 size-full\" src=\"http:\/\/www.pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-6.png\" alt=\"CodeSign XPI 6\" width=\"831\" height=\"215\" srcset=\"https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-6.png 831w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-6-300x78.png 300w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-6-768x199.png 768w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-6-250x65.png 250w, https:\/\/pkipartner.com\/support\/wp-content\/uploads\/2016\/01\/CodeSign-XPI-6-150x39.png 150w\" sizes=\"(max-width: 831px) 100vw, 831px\" \/><\/a><\/p>\n<p><strong>Note:<\/strong> Never include your password in batch mode. <strong>-X<\/strong> creates XPI, <strong>-Z<\/strong> creates an archive and must be used together.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2>Related Articles<\/h2>\n<p>* <a href=\"https:\/\/developer.mozilla.org\/en\/Signing_a_XPI\">Signing a XPI<\/a> (Mozilla Developer Network)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Signing an XPI (Windows) How to sign Mozilla* Add-ons (XPI) with Windows 2000 and XP * Firefox, Sea Monkey, and Thunderbird Signing Tools * Network Security Service (NSS) Current Windows Release: nss-3.11.zip as of 5 May 2006. * Netscape Portable Runtime (NSPR) Current Windows Release: nspr-4.6.4.zip as of 21 November\u2026<\/p>\n<p> <a class=\"continue-reading-link\" href=\"https:\/\/pkipartner.com\/support\/codesign-signing-an-xpi-windows\/\"><span>Continue reading<\/span><i class=\"crycon-right-dir\"><\/i><\/a> <\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/262"}],"collection":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/comments?post=262"}],"version-history":[{"count":3,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/262\/revisions"}],"predecessor-version":[{"id":592,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/262\/revisions\/592"}],"wp:attachment":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/media?parent=262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}