How do you sign your Firefox extensions?

Question

I have developed a couple of extensions for Firefox, and am annoyed that it is so hard to get the extension signed. When an extension isn\'t signed, it says \"Author not ve

Answer 1

If you have an Open Source project, you can get a free code signing certificate from Unizeto.

The steps to get the certificate itself are described in detail here.

Once you have the certificate, do the following:

• get the private key from your browser (e.g. download it as .p12 from your keychain - do not set a password) and convert it into PEM format via openssl pkcs12 -in key.p12 -nodes -out private.key -nocerts

• Open your .pem file that you downloaded from Unicert, add your private key beneath it, and the Public Key of Certum Level III CA from here beneath the private key, so it looks like this:

  -----BEGIN CERTIFICATE----- [your certificate from Certum] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [the private key you just converted from the .p12 file from your keychain] -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- [the Certum Level III CA public key you just downloaded] -----END CERTIFICATE-----

• Save this file as cert_with_key_and_ca.pem
• Install xpisign.py with pip install https://github.com/nmaier/xpisign.py/zipball/master
• Run xpisign -k cert_with_key_and_ca.pem unsigned.xpi signed.xpi
• Drag & Drop the signed.xpi into Firefox and you should see the author name where before there was a (Author not verified) message next to the extension name.