rkumaran
Level 3

Digital Certificate Renewal

Hi,

Our software has been running smoothly with updates and non-administrator patches for the past year.

My digital certificate has expired, and my next patch will include the new digital certificate.

My main worry is this: does it mean that if I include this new certificate in my next patch, the non-administrator patch is not going to work? In that case, should I release the complete installation package with the new certificate? That would be a nightmare, as there would be no point in the automatic update system then.

Any thoughts on this at the earliest would be most appreciated.

regards
Kumaran
MichaelU
Level 12 Flexeran

I don't have much helpful information for you here, as I'm not sure if Windows Installer will identify (and accept) an updated certificate, or if it requires a raw match. That said, you can specify multiple certificates via multiple rows in the MsiPatchCertificate table (our help covers how to add them), so if you wish to use an alternate certificate for your patches which won't expire (but will also not be accepted outside this scenario), you could probably specify and use a test certificate with a much later expiration date.
rkumaran
Level 3

Thanks Michael.

Sorry, I did not understand the point about including a certificate that does not expire. What does this mean? I thought the whole idea of the non-administrator patch was based on strict criteria with a valid digital certificate.

regards
Kumaran
MichaelU
Level 12 Flexeran

As far as I understand it, the certificate used in various ways linked from the MsiDigitalCertificate table (this includes the MsiPatchCertificate use) only needs to be cryptographically valid. Instead of using the usual root authority trust chains, it uses the fact that the exact certificate was listed in the base package to form an immediate trust for the certificate. As such, even a test certificate can be used for this purpose. However, it would mean that looking at the certificate on the MSP or update.exe would show an invalid (test) certificate.

So, in short, it would be a hack. It would probably provide the UAC-patching behavior you asked for (test first), but would not provide the standard signature verification behavior you probably also want.
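An added check (example code, not from this thread or from Flexera) that makes the two replies above concrete: it lists every certificate the base MSI carries in its MsiDigitalCertificate table (one row per certificate that MsiPatchCertificate can reference) and reports whether the Authenticode signer of a patch file is one of them, which is the exact-match trust Michael describes. It assumes a Windows host with the Windows Installer automation COM object; the two paths are placeholders.

```powershell
# Added example: compare a patch's Authenticode signer with the certificates listed
# in the base package's MsiDigitalCertificate table. Paths below are placeholders.
param(
    [string]$BaseMsi   = 'C:\path\to\BaseProduct.msi',  # placeholder: the originally shipped MSI
    [string]$PatchFile = 'C:\path\to\Update.msp'        # placeholder: the signed patch to check
)

# The Windows Installer automation object is late-bound in PowerShell, so every member
# is reached through InvokeMember rather than normal dot syntax.
function Invoke-MsiMember($Object, [string]$Name, [string]$Kind, [object[]]$Arguments) {
    $Object.GetType().InvokeMember($Name, $Kind, $null, $Object, $Arguments)
}

function Get-MsiDigitalCertificates([string]$MsiPath) {
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $db   = Invoke-MsiMember $installer 'OpenDatabase' 'InvokeMethod' @($MsiPath, 0)  # 0 = read-only
    $view = Invoke-MsiMember $db 'OpenView' 'InvokeMethod' @('SELECT `DigitalCertificate`, `CertData` FROM `MsiDigitalCertificate`')
    Invoke-MsiMember $view 'Execute' 'InvokeMethod' $null | Out-Null
    $record = Invoke-MsiMember $view 'Fetch' 'InvokeMethod' $null
    while ($record) {
        $name = Invoke-MsiMember $record 'StringData' 'GetProperty' @(1)
        $size = Invoke-MsiMember $record 'DataSize'   'GetProperty' @(2)
        # ReadStream with msiReadStreamBytes (1) returns a string whose characters each hold one
        # byte of the DER-encoded certificate stored in the CertData column.
        $raw   = Invoke-MsiMember $record 'ReadStream' 'InvokeMethod' @(2, $size, 1)
        $bytes = [byte[]]($raw.ToCharArray() | ForEach-Object { [byte][int]$_ })
        $cert  = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        [pscustomobject]@{ Name = $name; Subject = $cert.Subject; Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter }
        $record = Invoke-MsiMember $view 'Fetch' 'InvokeMethod' $null
    }
    Invoke-MsiMember $view 'Close' 'InvokeMethod' $null | Out-Null
}

$trusted = @(Get-MsiDigitalCertificates -MsiPath $BaseMsi)
$trusted | Format-Table Name, Subject, Thumbprint, NotAfter -AutoSize

$signature = Get-AuthenticodeSignature -FilePath $PatchFile
$signer    = $signature.SignerCertificate
if (-not $signer) {
    Write-Warning "$PatchFile carries no Authenticode signature (status: $($signature.Status))."
} elseif ($trusted.Thumbprint -contains $signer.Thumbprint) {
    "OK: patch signer $($signer.Thumbprint) is listed in the base package's MsiDigitalCertificate table."
} else {
    # Exact-match trust: a new certificate the base package never listed is not in the table,
    # so the patch will not be accepted for non-administrator patching.
    Write-Warning "Patch signer $($signer.Thumbprint) is NOT listed in the base package (signature status: $($signature.Status))."
}
```

Run it against the shipped MSI and the new MSP before release; a thumbprint that is absent from the table is the failure mode the question is about, regardless of whether the new certificate chains to a trusted root.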
rkumaran
Level 3

Michael,

I will have to check on the test certificate, as I can remember that the non-admin patch never worked for me until I got the Update.exe signed and timestamped.

Kumaran