I chose Advanced Installer many years ago to package my products mainly for one feature and that was its Advanced Updater and the “Install support service” option so you can install updates without elevation under restricted user accounts (https://www.advancedinstaller.com/user- ... avior.html) – the reason being a lot of my products are used by enterprises so installed on locked down computers where standard users don’t have admin rights, and this allowed me to easily roll out regular updates to my products that would install silently without any user interaction or needing admin rights or UAC elevation.
- 1.png (12.3 KiB) Viewed 4813 times
Until now……
Because of the signing changes my new certificate contains my name “Darren Rose” rather than my business name “PC Assist” in the subject field and this has completely broken the update process……….
So now when I try and update my apps instead of them running silently like they did before the installer pops up on screen likes a normal installer and expects the user to click Next etc to continue the install
• I have never had the “Install only digital signed update packages signed with the same certificate as the Updater” check box enabled in my apps
• When I call the updater.exe from within my app I pass the /silentall argument
• The updater.ini in my app directory has the NoUpdaterInstallGUI Flag set – from checking the below in project:
- 2.png (11.67 KiB) Viewed 4813 times
Code: Select all
;aiu;
[Update]
Name = AppName
ProductVersion = 5.8.3.0
URL = ****REMOVED****
Size = 8799232
ServerFileName = update.msi
CommandLine = /L*V "C:\windows\temp\deskmon.log"
Flags = SilentInstall|NoCache|Advertises
RegistryKey = HKUD\Software\PC Assist Software\AppName\Version
Version = 5.8.3.0But when trying to roll out a new version using my newly issued certificate then for some reason it completely ignores the fact it should be running the update silently and instead the installer window pops up on screen.
If I manually install the MSI using the /qn switch rather than relying on Advanced Installers updater then it works perfectly fine – showing that the change of certificate isn’t the problem, it is the fact that Advanced Installers updater.exe compares the subject field before doing updates and that there is no way of turning this off – as covered in other threads.
------
This issue has caused me major headaches, I can’t manually update my tools on tens of thousands of client computers I don’t have admin access too, and if my updates fail on all of them it could be very embarrassing and has the potential to ruin my business.
Surely, I can’t be the only person with this issue – especially now since 1st June with these changes to the certificate issuing / validation process? surely lots of Advanced Installer customers are independent developers / sole traders, not just all big enterprises? So when they renew certificates next will potentially be encountering the issue of having certificates with different subjects.
------
After no response at all from support@advancedinstaller.com for all the emails I have sent in the last 3 days (makes me wonder why I renew my maintenance each and every year!) – website says “We will usually answer your email within 24 hours, but most often within minutes of receiving it.”, so not quite sure what has happened this week…. Anyway means I have had to spend numerous hours when I should be out earning money working on a solution to this problem instead, as my existing certificate runs out very soon so time is against me!
Turns out the solution is as per the section “Migrating to a new certificate” on this page - https://www.advancedinstaller.com/user- ... dates.html - BUT following it exactly as written didn't work as it was missing an important step, and it has taken me a while to work out why. All the forum articles I read discussing similar issues keep pointing back to this article, but however many times I tried it, I still had the same problem.
Eventually I noticed that even after rolling out an update after following these steps that the updater.exe in my app directory still had the old certificate not the new certificate, despite following the steps exactly e.g. making sure that updater.exe was signed with new certificate and was in a folder with properties set to "install folder content into the parent folder" and that the "Digitally sign the file" option was disabled, it simply wasn't working.
- 3.png (135.31 KiB) Viewed 4813 times
FOLLOW US
Get the latest news in Application Packaging