osumatt
Level 3

Super annoying digital signing problem/bug?

Here's the problem. We can sign our installs, but only when logged in as the administrator account. Nobody else can sign, not even users who have admin privileges!

Our previous certificate expired so we purchased a new certificate from Thawte. They sent us two files: a p7b and a pvk file. I used pvkimprt to create the pfx file, which I then imported into our build machine's certificate store (I put it in Personal-->Certificates).

So, our install is pointing at the pfx file on disk and I specified the password and it builds & signs, but only under the administrator account! As soon as I log in as someone else, I get:


ISDEV : error -6259: Internal build error


I looked at the KB article for error -6259 and it says to try manually signing with SignTool.exe. That works fine no matter who I am logged in as! So, this works:


signtool sign /f C:\ourcompany.pfx /p C:\setup.exe

Done Adding Additional Store
Successfully signed: C:\setup.exe


So, I run Sysinternals' Process Monitor next. I see where the error happens, but there are so many events occurring (80,000) that I cannot really figure out what's causing the error.

By the way, here's a successful log from InstallShield:


Resolving strings...
Language English (United States) built
ISDEV : warning -1527: No files are included in the project.
Media table successfully built
Started signing certificate.msi ...
Successfully signed: certificate.msi
Performing Upgrading and Patching Validation
Started signing install.msi ...
Successfully signed: install.msi
Setup.exe created
Started signing setup.exe ...
Successfully signed: setup.exe


And here's a failure log:


Resolving strings...
Language English (United States) built
ISDEV : warning -1527: No files are included in the project.
Media table successfully built
Started signing certificate.msi ...
Successfully signed: certificate.msi
ISDEV : error -6259: Internal build error
ISDEV : fatal error -5087: Stop at first error
Release\Release - 2 error(s), 1 warning(s)
0 Kudos
(2) Replies
deramor
Level 6

I am just learning to implement my own code signing certs, but it seems to me that if you imported your certificate into your personal cert store, only that user, in this case administrator, can access it. Try importing the cert to a different store that is global to the computer. Also, I have been reading that it is unwise to install the certificate on the build computer. Try using a secure server that only you have access to and never copy the cert to the build computer.
0 Kudos
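The per-user versus machine-wide store scoping raised in the reply above can be checked directly. This is an added example, not code from the thread or from InstallShield: the function names are hypothetical, and the paths `C:\ourcompany.pfx` and `C:\setup.exe` are the ones quoted in the original post.

```powershell
# Added example. Run the first function under each account that has to sign.
function Get-CodeSigningCertLocation {
    param(
        # CurrentUser\My is private to the logged-on account;
        # LocalMachine\My is shared by every account on the machine.
        [string[]]$StorePath = @('Cert:\CurrentUser\My', 'Cert:\LocalMachine\My')
    )
    foreach ($path in $StorePath) {
        # -CodeSigningCert limits the listing to certs with the code-signing EKU.
        Get-ChildItem -Path $path -CodeSigningCert -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

function Import-SigningCertToMachineStore {
    param([Parameter(Mandatory)][string]$PfxPath)
    # Prompt for the password so it never lands in a script or build log.
    $password = Read-Host -AsSecureString -Prompt "Password for $PfxPath"
    # Requires an elevated prompt. Without -Exportable the private key is
    # imported as non-exportable, so it cannot be copied back out of the store.
    Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation 'Cert:\LocalMachine\My' -Password $password
}

# 1. See which store holds the certificate for the current account.
Get-CodeSigningCertLocation | Format-Table -AutoSize

# 2. If it only appears under CurrentUser for one account, import it machine-wide.
$cert = Import-SigningCertToMachineStore -PfxPath 'C:\ourcompany.pfx'

# 3. Sign from the machine store by thumbprint (/sm = machine store, /s = store name).
signtool sign /sm /s My /sha1 $cert.Thumbprint C:\setup.exe
```

`HasPrivateKey` only reports that a key is associated with the certificate. A key in the machine store is readable by SYSTEM and Administrators by default, so a non-elevated account can still fail at step 3 until it is granted access to that key.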
lam1278
Level 6

I too am getting the same error.


Did you get any resolution on this? I have a maintenance plan and am not afraid to use it... I know there is nothing wrong with my certificate as I have used it to sign files for Winqual without a problem.


All of my files say they were "Signed... and Succeeded"


Started signing 1046.mst ...
Succeeded
Started signing 1034.mst ...
Succeeded
Started signing 1033.mst ...
Succeeded
Media table successfully built
Started signing Data1.cab ...
Succeeded
ISDEV : error -6259: Internal build error
ISDEV : fatal error -6260: Internal build error
DTII\Release 4.0.x - 2 error(s), 5 warning(s)
0 Kudos