signtool fails with "ISDEV : fatal error -1027: Failed signing 4005.tmp"
I am trying to have InstallShield 2015 (stand-alone) sign my setup.exe and the Installer** in the build. The build is running on Windows 2008 R2 SP1.
I have researched most of the suggestions from https://flexeracommunity.force.com/customer/articles/en_US/ERRDOC/Build-Error-1027
Is it because of https://community.flexerasoftware.com/archive/index.php?t-220438.html ?
- This build worked a year ago on the same machine. However, it was using signcode (not signtool) and .pvk, .spc files. I replaced the expired certificate with a valid new .pfx file.
It fails with
"Started signing 4005.tmp ...
ISDEV : fatal error -1027: Failed signing 4005.tmp"
File size for "F:\win32\install\win32\template\setup.exe": 3824603
File size for "F:\win32\install\win32\template\Setup.ini": 5224
- No signtool.exe came in I/S Stand-Alone. Tried copying signtool.exe (V6.2.9200...) from MS .Net 2008 to
We have also tried - running signtool.exe out of D:\SDK\8.0/bin/x86 in the build.
- From the command line on the build machine running signtool.exe works only, when signtool.exe is run from the MS SDK directory:
HOWEVER, signtool.exe on the command line does NOT WORK when run from other directories even with it in the path. Not sure if this is the root cause
When signing outside of InstallShield in the build - signtool works, There are over 90 calls to signtool visible in the build logs before the failure
G:\win32\src\libraries\cppunit>D:\SDK\8.0/bin/x64/signtool.exe sign /f G:\win32\include\win32\mypfx.pfx /p xxxxxx /t http://timestamp.verisign.com/scripts/timstamp.dll /v cppunit_dll.dll
The following certificate was selected:
Issued to: ...
Issued by: Symantec Class 3 SHA256 Code Signing CA
Expires: Thu Nov 01 18:59:59 2018
SHA1 hash: E5C81C59E8BA81C9F32C0FC3F05F78924724B4EC
And it works on Windows 7 local build using same signtool.exe.
I have tried numerous path variable combinations - moving .pfx to I/S proj folder, etc . Tried putting mypfx.pfx in the I/S Support directory too.
- and hash settings etc
And tried different timestamp servers (and none), different hash options too.
** If I remove signing the setup.exe and leave only the installer I get this different error information:
Started signing certificate.msi ...
ISDEV : fatal error -1027: Failed signing package. Verify that a valid digital certificate file exists in the specified location.
Creating path "F:\win32\install\win32\template Data\LogFiles"
Product Configuration 1\Release 1 - 1 error(s), 6 warning(s)
Log file has been created:
- Is there a way to get more information /trace on the signtool in the output file to see how I/S invokes signtool?
- -1027 signtool
krogerfeedback.com Survey is an online survey held by Kroger supermarket store to hear their customer’s reviews and responses about their products and services. With the help of this Kroger Customer Satisfaction Survey, the clients can connect with them online through this review and leave honest reviews about their progress and experience of shopping at the Kroger store.
aka.ms/authapp – This Microsoft Authenticator app is a security feature that improves your account’s security. If you sign in using this application, you need to show at least two forms of proof or other evidence to prove your identity.