cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
juancbecerra
Level 3

Getting error 1027 after migrating to InstallShield 2012

Hi,

I recently migrated some projects from InstallShield 2011 to InstallShield 2012. These projects are being signed with the company certificate.

The projects were building fine in 2011, but after the migration I'm getting this error in the log:

ISDEV : fatal error -1027: Failed signing 33BE.tmp

I've looked at the information on this page: http://kb.flexerasoftware.com/selfservice/viewContent.do?externalID=Q107917

and I've made sure the points described there are correct, but nothing.

Right now I've had to remove all the signing information in the Releases view and the problem is gone (as well as the signing). I really need to sign the projects as they need to be compliant with the Windows Logo program.

Any idea on what may be causing the issue?

Any help you may provide will be highly appreciated.

Thanks,
Labels (1)
0 Kudos
(5) Replies
ElenaN
Level 6

I also got 1027 error when tried to use .pfx + password. Then I converted it to .spc/.pvk pair which doesn’t require password and signing from InstaIIShield works for me now.
0 Kudos
juancbecerra
Level 3

Thanks for your response Elena.

How do you generate your SPC/PVK. I tried doing it but it's still requesting a password.

By the way, this is only happening in my build server using the IsCmdBld.exe. When I build in my dev machine using the full IDE, I don't have the problem.

Thanks,
0 Kudos
ElenaN
Level 6

I’m not sure if my way is the best, but it worked for me. I should have found that solution on some forum. However I can’t locate the source now - my apologies to the author. So here is my description.

First you need to download and install OpenSSL. I used “Win32 OpenSSL v1.0.1c” compiled for Windows from here:
http://www.openssl.org/related/binaries.html

Another tool you’ll need is pvk.exe. I found it here http://www.drh-consultancy.demon.co.uk/pvk.html (search for “You can download the Win32 binary here”).


cmd that I used:

set OPENSSL_CONF=c:\Program Files (x86)\OpenSSL-Win32\bin\openssl.cfg

"C:\Program Files (x86)\OpenSSL-Win32\bin\openssl" pkcs12 -in original.pfx -nocerts -nodes -out testpemkey.pem
pvk.exe -in testpemkey.pem -topvk -nocrypt -out test.pvk

"C:\Program Files (x86)\OpenSSL-Win32\bin\openssl" pkcs12 -in original.pfx -nokeys -out testpemcerts
"C:\Program Files (x86)\OpenSSL-Win32\bin\openssl" crl2pkcs7 -nocrl -certfile testpemcerts -outform DER -out test.spc

pause



“C:\Program Files (x86)\OpenSSL-Win32” – is the path where I chose to install OpenSSL
My .cmd file was in the same folder with pvk.exe and original.pfx.

You’ll be asked to enter pfx password twice during the script execution (it won’t be shown, but it is entering; just type without errors and press enter).
0 Kudos
juancbecerra
Level 3

Thanks a lot for the detailed explanation. I tried it but still had no luck on making the signing work.

What I noticed is that I can only reproduce the error on projects that were migrated from IS 2011 to IS 2012, projects that were created on IS 2012 and that use signing are building just fine.

As an additional note, this is happening always when I use the standalone build version and sometimes on the IDE.

Right now my workaround has been to sign my installers externally using my build script.
0 Kudos
Richard_Winks
Level 6

Juan... this is likely a dumb question but did you try removing the password, saving the project, reopening it again and re-adding it?

If they have changed the encryption process, the password might no longer be valid.

Richard
0 Kudos