Member Avatar for srikkanthan

Hi
I have a web page - in that i give a link to exe file. When the user clicks on the link the exe is supposed to be downloaded and executed in the user's system. (I am not writing any malicious code or virus :rolleyes: )

However, when i try to download that executable a messagebox with prompts as follows:
==================================
Title: File Download - Security Warning
Name: Setup.exe
From: localhost

Buttons: [Run] [Save] [Cancel]

While files from internet can be useful, this file type can potentially harm your computer. If you do not trust the source, do not run or save this software. (link: ) What's the risk?
================================

I don't want to display this messagebox. I got the information like, I need to "Digitally sign" my executable - so that the user can trust the Digital Certificate and its publisher. I am ready to buy any digital certificate from any CA such as Verisign etc. Anyway, Before that to make sure, I tried with sample certificates generated using "makecert.exe" and "cert2spc.exe" and other tools. They have mentioned like these sample certificates work in intranet. However, still the warning pops up. I am not able to stop that. This happens only in the Windows XP - SP 2 systems.

Few other links i found to create sample digital certificates:

http://winfx.msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_fxtools/html/b0343f8e-9c41-4852-a85c-f8a0c408cf0d.asp

http://winfx.msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_fxtools/html/be434d7d-9c0d-46e7-8392-58a9b542d11d.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfcertificatecreationtoolmakecertexe.asp

http://www.source-code.biz/snippets/vbasic/3.htm

http://www.microsoft.com/downloads/details.aspx?FamilyID=F9992C94-B129-46BC-B240-414BDFF679A7&displaylang=EN

I don't know what I am doing wrong. All I want is to get rid of that warning.

I hope Daniweb can help me in this regard.

Regds
Sri.

  • 2 Contributors
  • 4 Replies
  • 191 Views
  • 1 Month Discussion Span
  • Latest Post Latest Post by srikkanthan
Member Avatar for Paladine

Ok, well to my knowledge you can't once you have installed SP2. This is a new update to Internet Explorer, but I could be wrong on that part, as I do not use Internet Explorer.


Hi
I have a web page - in that i give a link to exe file. When the user clicks on the link the exe is supposed to be downloaded and executed in the user's system. (I am not writing any malicious code or virus :rolleyes: )

However, when i try to download that executable a messagebox with prompts as follows:
==================================
Title: File Download - Security Warning
Name: Setup.exe
From: localhost

Buttons: [Run] [Save] [Cancel]

While files from internet can be useful, this file type can potentially harm your computer. If you do not trust the source, do not run or save this software. (link: ) What's the risk?
================================

I don't want to display this messagebox. I got the information like, I need to "Digitally sign" my executable - so that the user can trust the Digital Certificate and its publisher. I am ready to buy any digital certificate from any CA such as Verisign etc. Anyway, Before that to make sure, I tried with sample certificates generated using "makecert.exe" and "cert2spc.exe" and other tools. They have mentioned like these sample certificates work in intranet. However, still the warning pops up. I am not able to stop that. This happens only in the Windows XP - SP 2 systems.

Few other links i found to create sample digital certificates:

http://winfx.msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_fxtools/html/b0343f8e-9c41-4852-a85c-f8a0c408cf0d.asp

http://winfx.msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_fxtools/html/be434d7d-9c0d-46e7-8392-58a9b542d11d.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfcertificatecreationtoolmakecertexe.asp

http://www.source-code.biz/snippets/vbasic/3.htm

http://www.microsoft.com/downloads/details.aspx?FamilyID=F9992C94-B129-46BC-B240-414BDFF679A7&displaylang=EN

I don't know what I am doing wrong. All I want is to get rid of that warning.

I hope Daniweb can help me in this regard.

Regds
Sri.

Member Avatar for srikkanthan

You are right. We again checked with Microsoft. They have confirmed this warning cannot be evaded even if we use digital certificates. No other way but to compromise with this.

Member Avatar for srikkanthan

This is an update for this thread. If we use digital certificates purchased from Certification Authorities like Verisign, a second dialog box with the Publisher name (with my company name as publisher) appears and asks the user do you trust this publisher. This is somewhat ok.

Adding to this, one more requirement added to this issue. I need to use this digital certificates "on the fly" at runtime. Meaning i need to sign files dynamically before they are about to be downloaded.

I found that Microsoft CAPICOM library will be useful for signing files dyanmically on the fly before downloads. But I am not able to use it properly - it is not as simple as you give the spc and pvk file - it signs the download file - not like that. Anybody used CAPICOM before?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.