Moin!
Nach einem Download von http://download.wsusoffline.net/wsusoffline87.zip hat bei mir nur das Archiv die "aus-dem-Internet-Signatur", nicht die enthaltenen Dateien.
Daher würde ich gern die Umstände kennen, die zu diesem Verhalten geführt haben, bevor ich die vorgeschlagene Änderung, die auch erst ab dem zweiten Aufruf wirksam wäre, vornehme.
Gruß
Torsten
forums.wsusoffline.net
Forums for questions, problems and suggestions concerning WSUS Offline Update
Digitally Signing WSUS Offline Updater
13 posts
• Page 2 of 2 • 1, 2
Re: Digitally Signing WSUS Offline Updater
by WSUSUpdateAdmin » 28.10.2013, 09:25
- WSUSUpdateAdmin
- Administrator
- Posts: 2245
- Joined: 07.07.2009, 14:38
Re: Digitally Signing WSUS Offline Updater
by aker » 28.10.2013, 09:29
Wenn ein ZIP-Archiv, welches diese Signatur hat, mit dem Windows Explorer entpackt wird (wie es mit anderen Packprogrammen aussieht, weiß ich nicht), erhalten alle Dateien, die aus dem Archiv kopiert werden, diese Signatur.
Wann dieses Verhalten genau eintritt (kopieren einzelner Dateien, entpacken über die Option "Alle extrahieren"), habe ich mir noch nicht genau angesehen.
Viele Grüße
Wann dieses Verhalten genau eintritt (kopieren einzelner Dateien, entpacken über die Option "Alle extrahieren"), habe ich mir noch nicht genau angesehen.
Viele Grüße
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to keep or sell it.
aker
WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
aker
WSUS Offline Update „Community Edition“
https://gitlab.com/wsusoffline/wsusoffline/-/releases
- aker
- Posts: 3999
- Joined: 02.03.2011, 15:32
Re: Digitally Signing WSUS Offline Updater
by oiaohm » 21.11.2013, 03:06
These two issues are linked.
viewtopic.php?t=3923
lsjohnson2 in fact you issue can come back if someone turms on signed only.
http://technet.microsoft.com/en-us/libr ... 10%29.aspx
From harry
This is just a hack. This disables selective signed checking.
The correct answer is setup your own self signing CA with own code signing certificate and sign the file and add that CA to the computers. This way it does not matter what is set it works. Unsigned is just trouble.
http://stackoverflow.com/questions/8484 ... on-windows
Now of course it would be nice if it was self signed in the download and only have to add the CA .cer file into the trust locations.
MITM and Windows signing requirements is the same problem. Fighting the tide the tide will always cause you trouble.
Unsigned is trouble. Unsigned will be questioned more by anti-virus software. Unsigned will run into windows protection systems. Self-signed lot of companies use this for internal applications.
As I stated there is no a money cost to fixed this at least half way. To fix fully needs a paid for certificate. To half fix needs a self signing CA.
Instructions are fairly simple if the exe where self signed.
With MyCert.cer being the self signed CA of here. The .cer could be in the download file. Yes in a cmd/bat file to approve.
viewtopic.php?t=3923
lsjohnson2 in fact you issue can come back if someone turms on signed only.
http://technet.microsoft.com/en-us/libr ... 10%29.aspx
From harry
Please see viewtopic.php?f=5&t=491
Code: Select all
{yourWSUSOUdir}\bin\streams -s -d yourWSUSOUdir
This is just a hack. This disables selective signed checking.
The correct answer is setup your own self signing CA with own code signing certificate and sign the file and add that CA to the computers. This way it does not matter what is set it works. Unsigned is just trouble.
http://stackoverflow.com/questions/8484 ... on-windows
Now of course it would be nice if it was self signed in the download and only have to add the CA .cer file into the trust locations.
MITM and Windows signing requirements is the same problem. Fighting the tide the tide will always cause you trouble.
Unsigned is trouble. Unsigned will be questioned more by anti-virus software. Unsigned will run into windows protection systems. Self-signed lot of companies use this for internal applications.
As I stated there is no a money cost to fixed this at least half way. To fix fully needs a paid for certificate. To half fix needs a self signing CA.
Instructions are fairly simple if the exe where self signed.
- Code: Select all
certmgr.exe -add MyCert.cer -s -r localMachine trustedpublisher
certmgr.exe -add MyCert.cer -s -r localMachine root
With MyCert.cer being the self signed CA of here. The .cer could be in the download file. Yes in a cmd/bat file to approve.
- oiaohm
13 posts
• Page 2 of 2 • 1, 2
Return to Anregungen / Suggestions
Who is online
Users browsing this forum: No registered users and 182 guests