cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
LanceRas
Level 7

SHA1 support

I have way too many XP and Vista customers that are complaining regarding our SHA256 signed installers as creating security warnings or not being allowed to download.

I'm even having some XP customers complain that they are getting a Error 24592 error that a cab has an invalid digital signature and wont install.

How can I continue to use IS2015 and go back to using a SHA1 digital certificate (which I now have to re-buy, since I converted my cert to SHA256). Looking around, seems like many software companies supporting XP, 2003 Server, Vista have had to downgrade to SHA1 too.
Labels (1)
0 Kudos
(4) Replies
MichaelU
Level 12 Flexeran
Level 12 Flexeran

If you specify a SHA1 certificate, InstallShield will generate a SHA1 signature. The most you should have to do is ignore (or disable) the warning.
0 Kudos
Christoph
Level 8

MichaelU wrote:
If you specify a SHA1 certificate, InstallShield will generate a SHA1 signature. The most you should have to do is ignore (or disable) the warning.


Is this the only solution I have?
Builded and signed installers with SHA-256 signature after January 1st, 2016 doesn't seem to work on Windows 2008 Server SP2(32-BIT).

In the middle of the installation I receive this error:
Error 1330. A file that is required cannot be installed because the cabinet file ..\..\data1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24592 was returned by WinVerifyTrust.

The same installer does work on Windows 2012.

Has this for sure to do with the SHA-256 certificate and the fact that this not supported on Windows 2008 SP2?
Is there a workaround possible?
0 Kudos
MrTree
Level 6

Hi,

you can use Sign Output Files: "Setup.exe" instead of "Setup.exe and Windows Installer Package" so you will not have issues with XP machines an cab-files.
0 Kudos
K0NFUZIUS
Level 5

Hi Christoph,

currently Microsoft doesn't support Windows Vista and Windows Server 2008 for SHA256
You have to upgrade to Windows Server R2 (not SP2) which has a full support.


Cheers Joerg
0 Kudos