I installed Advanced Installer 7.6 on Windows 7 Ultimate, along with the .NET 3.5 framework tools. (Was previously running on XP).
When I try to build our package, which is digitally signed, AI fails, saying, "Signing MSI... error.
Exception - Reason: Capicom.dll used by SignTool.exe is not installed correctly on this computer."
MS says that Capicom.dll has been deprecated and is not part of .NET anymore. Installing the standalone version of the DLL in Win7 does not resolve the issue.
What is the appropriate way to get SignTool going again in Win7?
Suggested Articles
-
GabrielBarbu
- Posts: 2146
- Joined: Thu Jul 09, 2009 11:24 am
- Contact: Website
Re: Signing packages on Win 7
Hello,
Please try installing Platform SDK from Microsoft and let us know if the issue still manifests itself.
Best regards,
Gabriel
Please try installing Platform SDK from Microsoft and let us know if the issue still manifests itself.
Best regards,
Gabriel
Re: Signing packages on Win 7
I installed all of the platform SDK elements EXCEPT documentation, samples, and compilers. I still get the Capicom.dll file not installed correctly error. I don't want all of those additional things since I don't use them and need the space on my disk.
Re: Signing packages on Win 7
Hi
I had also some issue with code signing, but I was able to resolve them. I'm using Windows 7 Home Premium. Here's what I did to resolve my issue:
1) Check options in Advanced Installer: Options/Exernal Tools.... -> Verify that the signtool.exe is pointing to the right version of the Windows SDK.
2) Check which version you need and download the appropriate Windows SDK:
http://msdn.microsoft.com/en-us/windows/dd146047.aspx
I was using version 6.0.6000.16384.10
3) Verify that the certificate is valid. View the certificate and check that there are no issues with the certificate path. If you are not sure, verify with the vendor of the certificate that it is valid.
4) Use command prompt, change to the directory where Windows SDK is installed and run command "signtool.exe signwizard" (without quotes). Go through the steps of the wizard. Note: the latest version of Windows SDK (6.1.7600.16385) does not have a signwizard anymore. You have to pass arguments in command line mode.
5) If using timestamp URL, make sure that security or proxy settings don't block you from calling the url. You need an active internet connection to perform this task.
What I learned is that it is most likely not an issue with Advanced Installer. I assume that Advanced Installer calls the Windows SDK in command line mode passing arguments to code sign the package.
I hope this helps.
Regards,
Matthias
I had also some issue with code signing, but I was able to resolve them. I'm using Windows 7 Home Premium. Here's what I did to resolve my issue:
1) Check options in Advanced Installer: Options/Exernal Tools.... -> Verify that the signtool.exe is pointing to the right version of the Windows SDK.
2) Check which version you need and download the appropriate Windows SDK:
http://msdn.microsoft.com/en-us/windows/dd146047.aspx
I was using version 6.0.6000.16384.10
3) Verify that the certificate is valid. View the certificate and check that there are no issues with the certificate path. If you are not sure, verify with the vendor of the certificate that it is valid.
4) Use command prompt, change to the directory where Windows SDK is installed and run command "signtool.exe signwizard" (without quotes). Go through the steps of the wizard. Note: the latest version of Windows SDK (6.1.7600.16385) does not have a signwizard anymore. You have to pass arguments in command line mode.
5) If using timestamp URL, make sure that security or proxy settings don't block you from calling the url. You need an active internet connection to perform this task.
What I learned is that it is most likely not an issue with Advanced Installer. I assume that Advanced Installer calls the Windows SDK in command line mode passing arguments to code sign the package.
I hope this helps.
Regards,
Matthias
Re: Signing packages on Win 7
I have Windows SDK for WIndows 7 installed v 8.0.7600.16385.40715
Should it be a different (older) version ?
Advanced Installer is pointing to this version of the signtool.exe
I am trying to sign with a pfx certificate, which is correctly specified in the File from Disk window. This pfx was created in XP and works fine in XP. Does the pfx have to be regenerated from the pvk or spc certificate file in Windows 7?
Should it be a different (older) version ?
Advanced Installer is pointing to this version of the signtool.exe
I am trying to sign with a pfx certificate, which is correctly specified in the File from Disk window. This pfx was created in XP and works fine in XP. Does the pfx have to be regenerated from the pvk or spc certificate file in Windows 7?
Re: Signing packages on Win 7
I was finally able to get this working by installing the last available version of CAPICOM in addition to the Win 7 SDK (which didn't include it).
Re: Signing packages on Win 7
Hi,
I have exactly the same issue. This seems to be a problem caused by Advanced Installer because I can perfectly run signtool.exe from the command line and sign files manually. Unfortunatly one cannot sign the created setup executable manually since that results in a checksum error ("This archive is corrupted.") when trying to start it afterwards.
My system specs:
- Windows 7 Ultimate x64
- Visual Studio 2010 Professional
- Windows 7 SDK 7.1 (not required but installed because of the signtool.exe error in Advanced Installer)
- Advanced Installer 7.7
Regards
I have exactly the same issue. This seems to be a problem caused by Advanced Installer because I can perfectly run signtool.exe from the command line and sign files manually. Unfortunatly one cannot sign the created setup executable manually since that results in a checksum error ("This archive is corrupted.") when trying to start it afterwards.
My system specs:
- Windows 7 Ultimate x64
- Visual Studio 2010 Professional
- Windows 7 SDK 7.1 (not required but installed because of the signtool.exe error in Advanced Installer)
- Advanced Installer 7.7
Regards
Re: Signing packages on Win 7
I installed Windows Driver Development Kit 7.0 => did not help
I installed "Platform SDK Redistributable: CAPICOM" (version 2.1.0.2) => did not help
After installing "Security Update for CAPICOM (KB931906)" I was finally able to create a signed setup.
I installed "Platform SDK Redistributable: CAPICOM" (version 2.1.0.2) => did not help
After installing "Security Update for CAPICOM (KB931906)" I was finally able to create a signed setup.
Re: Signing packages on Win 7
I can confirm the same issue on Windows 7 / 64 bit.
This must be an AI bug, because .NET SignTool.exe is completely unrelated to Capicom.
After installing this "Security Update" both the x86 and the .NET (64) version of SignTool could be used from AI.
This must be an AI bug, because .NET SignTool.exe is completely unrelated to Capicom.
After installing this "Security Update" both the x86 and the .NET (64) version of SignTool could be used from AI.
-
mihai.petcu
- Posts: 3860
- Joined: Thu Aug 05, 2010 8:01 am
Re: Signing packages on Win 7
Hello,
Regards,
Mihai
Actually, CAPICOM is a SignTool.exe requirement. For more information see the Remarks section of this MSDN article.This must be an AI bug, because .NET SignTool.exe is completely unrelated to Capicom.
Regards,
Mihai
Re: Signing packages on Win 7
Please have a look at:
http://blogs.msdn.com/b/alejacma/archiv ... ows-7.aspx
http://msdn.microsoft.com/en-us/library ... S.85).aspx
And using depends.exe on signtool.exe from this install http://www.microsoft.com/downloads/deta ... laylang=en doesn't reveal any dependency on capicom.dll
In sum, capicom is a requirement for signtool pre Windows 7, capicom is not supported on Windows 7 (but it might work)
http://blogs.msdn.com/b/alejacma/archiv ... ows-7.aspx
http://msdn.microsoft.com/en-us/library ... S.85).aspx
And using depends.exe on signtool.exe from this install http://www.microsoft.com/downloads/deta ... laylang=en doesn't reveal any dependency on capicom.dll
In sum, capicom is a requirement for signtool pre Windows 7, capicom is not supported on Windows 7 (but it might work)
Re: Signing packages on Win 7
Also if you look at the latest version of the SignTool.exe MSDN article http://msdn.microsoft.com/en-us/library ... .100).aspx (which is the one that is in the Window 7 Platform SDK) then it has removed the remarks about requiring Capicom.mihai.petcu wrote:Hello,Actually, CAPICOM is a SignTool.exe requirement. For more information see the Remarks section of this MSDN article.This must be an AI bug, because .NET SignTool.exe is completely unrelated to Capicom.
Regards,
Mihai
My guess is that AI is just doing a pre-check that the exact version of the Capicom DLL exists before trying to run anything.
Thanks to Frode for the suggestion, just installing the Capicom security update (and nothing else) worked fine for me.
-
mihai.petcu
- Posts: 3860
- Joined: Thu Aug 05, 2010 8:01 am
Re: Signing packages on Win 7
Hello,
I apologize for the misinformation. This is true, thus a bug in Advanced Installer. Thank you for reporting it and for your feedback.
I have forwarded the issue to the development team and we will provide a fix in a future version of Advanced Installer.
Best,
Mihai
I apologize for the misinformation. This is true, thus a bug in Advanced Installer. Thank you for reporting it and for your feedback.
I have forwarded the issue to the development team and we will provide a fix in a future version of Advanced Installer.
Best,
Mihai