Digital signature shows publisher unknown

[murech]

Hi.

I'm using Advanced Installer 7.6 Professional and I signed a software installation package with a certificate. Once I run the installation package on Windows 7, the os asks if the software should be installed. This is ok, but it shows the publisher as unknown. If I check the property of the installation package (.exe) then it shows the name.

I'm using SignTool.exe and I entered description. description url, selected the certificate file and stored the password on the project.

Any idea what could be wrong?

[GabrielBarbu]

Hello,

Provided you have a valid certificate (meaning it is not a test certificate) you will need to select the "Automatically get certificate from system store" option from the Digital Signature page in Advanced Installer. Make sure you have your certificate installed on your system. Install it by double-clicking the .pfx and following the wizard.

This is required when using newer versions of signtool.

Your certificates should now be properly signed and the correct name should be displayed when installing the package.

Let me know if this helped.

Best regards,
Gabriel

[murech]

Hi Gabriel

I checked with tech support from where I got the certificate. Everything seems to be ok with the certificate. I used both Advanced Installer and signtool.exe to apply the certificate. Both are signing the .msi and no error is shown. If I do right-click on the .msi and click properties then I see under tab Digital Certificate that the certificate list the name and its status is ok.

In Advanced Installer I'm using File From Disk and specify the certificate. If I used the system store then it uses my personal one instead the one for the company.

Enclosed you find some additional information about the settings:

signtool.exe, version: 4.00 (vista_rtm.061029-1900)
OS where advanced installer packaged the .msi: Windows XP SP3
OS where .msi is executed: Windows 7 Home Premium 64-bit.

Do I have to change some settings in Advanced Installer (e.g. package type)? Currently it is set to 32-bit package. The installation works fine on Windows 7. It's just about getting the name of the certificate instead of unknown publisher.

Regards,
Matthias

[GabrielBarbu]

Hi Matthias,

Did you select the "Automatically get certificate from system store" option I mentioned in my previous post?

Regards,
Gabriel

[murech]

Hi Gabriel

No, I used option File From Disk. If I use Automatically get certificate from system store option then it uses the certificate of my windows XP user. There are no error messages shown when using File From Disk and the certificate is properly assigned.

I also checked the Advanced Installer option (External Tools) that it points to the mentioned signtool.exe. Can it be that I need to use another signtool.exe?

Kind Regards,
Matthias

[murech]

FYI - I found a reference about which windows sdk should be used:
http://msdn.microsoft.com/en-us/windows/dd146047.aspx

So far, I tested the following versions:

6.1.7600.16385
6.1.6000.16384.10
5.2.3790.1830

Each time I changed the path for the signtool.exe in Options/External Tools. However, It did not resolve the problem.

[murech]

I was not able to resolve the issue using Windows XP SP3. I've almost tried all version of Windows SDK. However, I was able to resolve the issue under Windows 7 Home Premium.

I was using the followings settings tools to resolve the issue:

- Windows SDK version 6.1.6000.16384.10
- SignTool.exe
- Software Publisher Certificate: File From Disk

Thank you for your help.

Regards,
Matthias