This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Test digital signature isn't recognized in Vista?
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎May 20, 2008
05:16 PM
Test digital signature isn't recognized in Vista?
Hello,
I've generated a test certification using the steps at http://msdn.microsoft.com/en-us/library/bb172338(VS.85).aspx, and am now trying to get Vista to stop displaying the "An unidentified program wants access to your computer" message.
I have tried both manually signing all of the cabs, MSI, and EXEs, as well as using the Release Wizard to input the signature. Either process seems to generate the expected result: files with what appears to be a correct digital signature when I look at their properties under Vista. Verifying the files with signtool from the Platform SDK also works as expected.
The fun begins when I try to test them on a Vista test machine. I have imported the test certificate to the Trusted Root Certification Authorities using certmgr.msc, and the signatures show up in the file properties of all of the installer files. However, whenever I run setup.exe, I get the previously mentioned error. It seems that Vista isn't recognizing the digital signature. Has anybody encountered this before, or have any suggestions as to how to track down the problem?
-Ben
I've generated a test certification using the steps at http://msdn.microsoft.com/en-us/library/bb172338(VS.85).aspx, and am now trying to get Vista to stop displaying the "An unidentified program wants access to your computer" message.
I have tried both manually signing all of the cabs, MSI, and EXEs, as well as using the Release Wizard to input the signature. Either process seems to generate the expected result: files with what appears to be a correct digital signature when I look at their properties under Vista. Verifying the files with signtool from the Platform SDK also works as expected.
The fun begins when I try to test them on a Vista test machine. I have imported the test certificate to the Trusted Root Certification Authorities using certmgr.msc, and the signatures show up in the file properties of all of the installer files. However, whenever I run setup.exe, I get the previously mentioned error. It seems that Vista isn't recognizing the digital signature. Has anybody encountered this before, or have any suggestions as to how to track down the problem?
-Ben
(5) Replies
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎May 21, 2008
03:34 AM
Hello,
I use spc and pvk original Verisign files for signing my setup.
The publisher is not being shown in Vista UAC Window.
"Unknown publisher"
But the certificate is marked as ok.
If I sign setup.exe outside of dev using SignCode.exe Wizard,
Vista displays correct the publisher.
It must be a bug within isDev. Perhaps are some parameters
by call of SignCode not correct.
I use spc and pvk original Verisign files for signing my setup.
The publisher is not being shown in Vista UAC Window.
"Unknown publisher"
But the certificate is marked as ok.
If I sign setup.exe outside of dev using SignCode.exe Wizard,
Vista displays correct the publisher.
It must be a bug within isDev. Perhaps are some parameters
by call of SignCode not correct.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎May 21, 2008
10:17 AM
Test certificates yield packages which can be verified as signed, but are not trusted because the certificate chain isn't trusted. A package which is not trusted due to any of no signature, invalid signature, or untrusted certificate, will receive the "Unknown publisher" message.
I don't know what is wrong with the scenario Roman1 is describing; I haven't seen this, and am certain I've seen similar scenarios work both with IS12 and IS2008. It might be useful to compare the extended digital signature properties in explorer between the two signing methods looking for a difference.
I don't know what is wrong with the scenario Roman1 is describing; I haven't seen this, and am certain I've seen similar scenarios work both with IS12 and IS2008. It might be useful to compare the extended digital signature properties in explorer between the two signing methods looking for a difference.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎May 21, 2008
12:54 PM
First, thank you for the response!
You say that a test certificate will show up as "Unknown Publisher". Is that true even if I add my certificate to the Trusted Root Certificate Authorities?
If so, that introduces a new conundrum for me, as I need the installer to be trusted (on a test machine only) for Games For Windows testing, before we certify it.
-Ben
You say that a test certificate will show up as "Unknown Publisher". Is that true even if I add my certificate to the Trusted Root Certificate Authorities?
If so, that introduces a new conundrum for me, as I need the installer to be trusted (on a test machine only) for Games For Windows testing, before we certify it.
-Ben
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎May 22, 2008
10:43 AM
I'm not 100% certain. I suspect installing the certificate itself in the trusted list will result in it being trusted despite being under the test root. If so, this certificate's signatures can then be valid on that machine.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎May 22, 2008
11:03 PM
That's what I thought as well, but it doesn't seem to work. We're getting our key soon, so I'll revisit this when that arrives. Hopefully, this will just start working once I'm actually using a real CA, although I would have loved to have gotten a test implementation running first.
Thanks for the help.
-Ben
Thanks for the help.
-Ben