InstallShield Express doesn' t load certificate from certificate store, error 1027
For signing singleimage installation packages and the executables inside the packages I use a code signing certificate obtained from Sectigo. Recently I got an email from Sectigo that certificates will no longer be issued in the form of a pfx file, but as a token instead which is compatible with the Microsoft Certificate Store.
To be prepared for the change I decided to import my certificate into the Microsoft Certificate Store and change the signing from using pfx file into certificate store. InstallShield Express recognised my certificate from the Cetificate Store , Digest Selection: based on the certificate hash and I started the build of the project.
Instead of the predicted multiple password requests, I got error 1027 for every signing attempt.
Is this error 1027 caused by the fact that the certificate is a SHA384 and not a SHA1 or SHA256?
I tried to have the certificate regenerated, but they didn't want to do that anymore.
So I decided to wait until the end of this year where my certificate expires and I have to buy a certificate store on USB media. For certificate store used by InstallShield you need an SHA1 or SH256 certificate, not an SHA384
It is sad that the attempt to regenerate the certificate failed. Waiting until the year-end expiration date sounds like an acceptable option. It is critical to maintain compatibility with InstallShield's certificate storage, which requires SHA1 or SHA256, not SHA384. A practical technique, although resolving the certificate issue as soon as possible would be great.
Thanks for the reply. My certificate expires in three years so I will have to sign the files before doing the setup and then sign the setup using for example SignTool
Installshield (Express) can sign the executables (exe, dll, ocx,...) inside a package. Your certificate can be in a file or in the certificate store. That has worked very well so far for me.
