Aurigma offers private-label versions as a part of our Premium licenses. When your customers install ActiveX/Java Uploader on their computers, they see a security warning displaying the name of the company that owns the software. By default, customers see Aurigma, Inc. If you want to replace Aurigma's name with your company name, you can order a private-label version. In this case Aurigma creates a special custom uploader for you. Your company, in its turn, should then purchase a code singing certificate from one of the certificate authorities (e.g. Thawte or VeriSign) and sign the binaries with it.
The topic below explains the steps required for signing a private-label version. You can just ignore this topic if you don't have a private-label version of ActiveX/Java Uploader on your website.
To make ActiveX Uploader automatically install in Internet Explorer and Internet Explorer 64-bit,
you need to pack the Uploader8.ocx
and Uploader8_x64.ocx files into the CAB files.
The CAB (cabinet) file is a file format developed by Microsoft as a self-installing archive,
in particular, for ActiveX controls. To allow installing a CAB file from Internet Explorer,
the control, such as ActiveX Uploader, should be embedded into a Web page.
For more details about embedding ActiveX Uploader in a Web page
see Using Private-label Version of ActiveX/Java Uploader.
During installation, Internet Explorer downloads the CAB file, extracts the OCX file from it as well as any other files, and registers the control.
Each CAB file should contain an INF file. The INF file contains a description of the archive content. It includes such information as a list of files, which files should be registered, where files should be placed, version information, and so on.
It would be insecure to enable Internet Explorer to download from the Web and install arbitrary ActiveX controls, because malicious people could distribute harmful code. To avoid security problems the browsers usually require controls and other software to be digitally signed using a special code signing certificate which is granted to software vendors by such certificate authorities as VeriSign and Thawte. Certificates ensure that the software being installed was actually developed by the specified vendor.
Though browser settings can be adjusted so that unsigned software can be installed, the default settings and corporate company-wide security policies usually do not allow this.
To build a CAB file, in general, you should follow these steps:
EasyUploadTool.cab, you should name the INF file EasyUploadTool.inf.
For more details about INF files, see the
About INF File Architecture MSDN article.Yes for these files).
In our case it is the Uploader8.ocx and
Uploader8_x64.ocx files that need to be signed.
To sign it you can use the signtool.exe utility which is distributed with Microsoft .NET Framework SDK.cabarc.exe utility which is available as a part
of the Windows XP Service Pack 2 Support Tools (to download this file click
here).
If your OS is different from Windows XP you can extract only the cabarc utility using the following commands:
WindowsXP-KB838079-SupportTools-ENU.exe /C /T:%TEMP% expand %TEMP%\support.cab -F:cabarc.exe <Destination path>The list of files that should be included into the first CAB file is as follows:
Uploader8.ocx representing the control itself<cabinet name>.inf containing information about the packageUploader8_x64.ocx representing the 64-bit version of the control<cabinet name>.inf containing information about the packageAssume you have recompiled ActiveX Uploader and want to put it into Uploader8.cab.
First, you should create the Uploader8.inf file.
You can do it in any text editor, for example in Notepad. Copy the following data into it:
[version] signature="$CHICAGO$" AdvancedINF=2.0 [Add.Code] Uploader8.ocx=Uploader8.ocx [Deployment] InstallScope=user|machine [Uploader8.ocx] file-win32-x86=thiscab clsid={<CLSID>} FileVersion=<Version> RegisterServer=yes RedirectToHKCU=yes
There are two placeholders in this listing:
oleview utility which is distributed along with Visual Studio
(do not forget to run oleview.exe as administrator at the first time):
oleview.exe Uploader8.ocx in the
Visual Studio command prompt.Uploader8.ocx file:
Uploader8.ocx.Copy the File version value. Note, that you should replace dots with commas. For example, you should specify 8,0,48,0 instead of 8.0.48.0.
For the 64-bit version of ActiveX Uploader control you should replace the string containing file-win32-x86=thiscab
with the following one: file=thiscab.
Put this INF file in the same folder with the Uploader8.ocx file.
Then, create a batch (.bat) file that will build the CAB file from signed files automatically and sign the result.
To do that, create a file named BuildCab.bat in any text editor and copy the following data
into it (do not forget to remove the line breaks):
"<Path to .pvk to .pfx converter>\pvk2pfx.exe" -pvk "<Path to certs>\MyKey.pvk" -pi <Password> -spc
"<Path to certs>\MyCert.spc" -pfx "<Path to certs>\MyCert.pfx" -f
"<Path to signtool>\signtool.exe" sign -f "<Path to certs>\MyCert.pfx" -p <Password> -d "<Control name>"
-t "http://timestamp.verisign.com/scripts/timstamp.dll" "<Path to Image Uploader files>\Uploader8.ocx"
"<Path to cabarc>\cabarc.exe" -m LZX:21 -s 6144 n "<Path to resulting CAB>\Uploader8.cab"
"<Path to Image Uploader files>\Uploader8.ocx" "<Path to Image Uploader files>\Uploader8.inf"
"<Path to signtool>\signtool.exe" sign -f "<Path to certs>\MyCert.pfx" -p <Password> -d "<Control name>"
-t "http://timestamp.verisign.com/scripts/timstamp.dll" "<Path to resulting CAB>\Uploader8.cab"
There are several placeholders in this listing:
pvk2pfx utility.
Typically, it is located in the /Bin subfolder of the Windows SDK installation folder.signtool utility.
Typically, it is located in the /Bin subfolder of the Windows SDK installation folder.cabarc utility.