2. NSIS Discussion
  3. Install SSL Certificate

Archive: Install SSL Certificate


Ryan J
23rd January 2006 03:20 UTC

Install SSL Certificate
Can NSIS be used to install an SSL Certificate?

I have created an ActiveX component and I want to avoid purchasing a certificate. Also, I have a dll that must be placed in the user's Windows directory in order to use the control anyway... Therefore, I just want to have the user run a setup program to install a SSL cert (so I can self-sign the ActiveX control) and place the DLL in one easy installation.

I would imagine placing a DLL in Windows is fairly easy, but not sure if NSIS is cabable of installing the certificate...

kichik
24th January 2006 17:43 UTC

If there's an API for it, you can call it using System plug-in. However, it might be simpler and nicer to use ExecShell on the certificate so Windows will ask the user if he wants to install the certificate.

marbed
16th March 2006 13:13 UTC

Hi,
I found quite good solusion:

rundll32.exe cryptext.dll,CryptExtAddCER file.cer

Now I can fired this command via ExecWait and after that we see "import certificate wizard" window. Is possible I think calling method CryptExtAddCER from cryptext.dll, using plugin System (System::Call).

What do you think about this idea?

kichik
16th March 2006 17:33 UTC

You can try using:

System::Call "cryptext::CryptExtAddCER(i $HWNDPARENT, i 0, t 'file.cer', i 1)"
However, I'm not sure how it'd react to a NULL passed on hInstance.

Comm@nder21
16th March 2006 20:52 UTC

if i don't know what handle to pass i normally try 0, if not working $HWNDPARENT. :)

marbed
17th March 2006 06:56 UTC

Thanks for answers.
Calling certificate wizard is good idea but better is installation a certificate in silent mode. Ofcourse before install certificate in Root store must be warning, but for others certificates silent mode is acceptable. One question:
Can I call CryptExtAddCER function in silent mode? I don't now
what is definition of this function exactly, maybe I shold set some parameter?

kichik
17th March 2006 09:05 UTC

CryptExtAddCER is an API function specifically for use with rundll32. I doubt it has an option to run silently. But you can try passing 0 on the last parameter (SW_HIDE).

marbed
17th March 2006 14:15 UTC

Passing 0 in last parameter not work. But i found solution to install the certificates in silent mode. I add keys to registry. My certificates are in this place:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates

I used reg2nsis to convert *.reg file to NSIS script. When i
fired certmgr.msc every certificates was in correct stores.

I hope this solution is safe and not been revolution in my store ;)

Fork me on GitHub