How to extract a digital signature/certificate from a signed software file/package

Article ID: 191787

Products

Endpoint Protection

Issue/Introduction

When using Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Manager (SEPM), administrators need to add the digital signature certificates of trusted application manufacturers' software so that the SEP client treats those trusted applications appropriately. This is an ongoing part of SEP/SEPM administration and should be reviewed as needed.

Some software manufacturers will give the certificate to a customer that asks, but often this is unnecessary as it can be extracted from a signed software package using Microsoft Windows and the steps found in the Resolution section of this article. 

Environment

Microsoft Windows Operating Systems

Resolution

  1. After receiving the software package from the manufacturer, right click on any exe, msi, or dll file, and select "Properties".
  2. If the files are digitally signed, you will see a tab entitled "Digital Signatures". Select that tab.
  3. Verify that the Name of Signer is the manufacturer of the software, and then select one of the listed signatures. Typically both sha1 and sha256 are listed, and either can be used for this process.
  4. Click on the "Details" button once a selection is made in Step 3. 
  5. On the Digital Signature Details page that loads, select the button "View Certificate".
  6. In the Certificate page that loads, select the "Details" tab, and then the button "Copy to File".
  7. In the Certificate Export Wizard, click on the "Next" button on the first page. 
  8. On the Export File Format page, select either the DER or Base-64 encoded X.509 (.CER) option and press the "Next" button.
  9. On the File to Export page, use the "Browse" button to set where the certificate file will be placed, and the name of the file. Broadcom recommends making the file name easy to recognize and placing it in a common area such as the Desktop.
  10. Click on the "Next" button. 
  11. On the Completing the Certificate Export Wizard page, click on the "Finish" button and click the "OK" button when the pop-up box appears. 
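
The same extraction can be scripted with PowerShell's built-in `Get-AuthenticodeSignature` and `Export-Certificate` cmdlets. This is an added example, not part of the original Broadcom article; the function name `Export-SignerCertificate`, the file paths and the publisher string are hypothetical placeholders, and the check that the signature status is `Valid` is an extra safeguard beyond the signer-name check in Step 3.

```powershell
# Added example (not Broadcom's code). Export-SignerCertificate is a hypothetical helper name.
function Export-SignerCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $FilePath,        # signed exe, msi, or dll
        [Parameter(Mandatory)] [string] $ExpectedSigner,  # publisher name you expect (Step 3)
        [Parameter(Mandatory)] [string] $OutFile,         # destination .cer file (Step 9)
        [switch] $Base64                                  # Base-64 instead of DER (Step 8)
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath

    # Steps 1-2: an unsigned file has no signer certificate to export.
    if ($null -eq $sig.SignerCertificate) {
        throw "No Authenticode signature found on '$FilePath'."
    }
    # Extra safeguard: do not trust a certificate taken from a file whose
    # signature fails validation (tampered file, untrusted chain, and so on).
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }

    # Step 3: compare the signer's common name with the expected manufacturer.
    $cert = $sig.SignerCertificate
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $cert.GetNameInfo($nameType, $false)
    if ($signer -ne $ExpectedSigner) {
        throw "Signer '$signer' does not match expected '$ExpectedSigner'."
    }

    # Steps 6-11: write the public certificate only (no private key is involved).
    if ($Base64) {
        $b64 = [Convert]::ToBase64String($cert.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
        Set-Content -LiteralPath $OutFile -Encoding Ascii -Value '-----BEGIN CERTIFICATE-----', $b64, '-----END CERTIFICATE-----'
    } else {
        Export-Certificate -Cert $cert -FilePath $OutFile -Type CERT | Out-Null
    }

    # Return what was exported so it can be checked against the GUI or the vendor.
    [pscustomobject]@{
        Signer = $signer; Thumbprint = $cert.Thumbprint
        NotAfter = $cert.NotAfter; OutFile = $OutFile
    }
}

# Placeholder path and publisher; replace with the real package and manufacturer name.
Export-SignerCertificate -FilePath 'C:\Temp\vendor-setup.exe' -ExpectedSigner 'Example Vendor, Inc.' `
    -OutFile "$env:USERPROFILE\Desktop\ExampleVendor-codesign.cer"
```

The returned thumbprint can be compared with the Thumbprint field on the certificate's "Details" tab to confirm the exported file matches what the GUI shows.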

Additional Information

See the following document, specifically the section entitled "Exclude a Certificate" for details on importing the certificate file into the Exceptions Policy.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/managing-exceptions-in-v36686987-d51e6/creating-exceptions-for-virus-and-spyware-scans-v39814459-d51e102.html