install a setup package with signing digital signature.

[tjwlsdkzzz]

Hi,

I have a question about installation with a setup package signing with digital signature.

In other writing, I find out below,

•When the target machine has no internet connection and Windows Installer fails to verify online the digital signature. Since Windows installation is unable to contact the certificate provider that can verify the installer’s security certificate, it will prompt with that error during installation.

But, I've checked with various case it has diffent results.

When internet is not connected, sometimes it installs well and sometimes it fails to install.

It all tested with Window 7 operation system and 32bits or 64bits machine.

Below is a figure when a installation was failed

errormessage.png (24.92 KiB) Viewed 2409 times

Do you knwo why this happened?

And I want to know how can I install a setup package signing digital signature without internet connection.

I provide a setup package to CD at first and later, I provide the software updates from our server.

But I failed to setup from the beginning.( install setup package from a CD).

My question is two.

First, Without internet connection, is it possible to install a setup package?
Second, Only executing update is it possible to verifying disital certicifation?

How can I solve the problom?? please help me.... thank you!

[Eusebiu]

Hi,

Some of the trusted CA do not require an internet connection to validate the certificate. The certificate is signed with a chain of signatures that is rooted in a private key for which the corresponding public key is already present in the Operating System. Other certificates need to communicate online in order to validate the chain.

First, Without internet connection, is it possible to install a setup package?

Yes, it is possible to install a signed setup package without internet connection. The solution is to make sure that the Operating System already has cached in memory the certificates you use to sign the installer. This way, if the certificate is already present (cached or manually installed) the Windows Installer will be able to verify the signature. For more details you can take a look on the "Basic Certificate Chain Validation article.

Second, Only executing update is it possible to verifying disital certicifation?

I'm afraid that I do not fully understand this question. Can you please give me more details (maybe exemplify)?

Best regards,
Eusebiu