Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to sign an MSI?

Tags:

certificate

code-signing

signtool

My company wants to prevent the UAC popup that appears when customers install our product. We purchased a certificate from VeriSign (VeriSign Class 3 Code Signing 2010 CA) and I got a MyCompany.cer file.

I installed the cert by double-clicking it and selecting the "Personal" store. It now appears in the Certificates snapin, along with several other certs. The snapin says its intended purpose is "Code Signing". I got the SHA1 hash by copying the thumbprint.

I try to sign the msi with this command:

signtool sign /sha1 <thumbprint> myInstaller.msi

and get a message "SignTool Error: No certificates were found that met all the given criteria."

If I leave off the "/sha1 " I get a list of most of the other certs in the store - the ones that say their intended purpose is "<All>" My cert isn't listed.

What am I doing wrong?

like image 903
Sisiutl Avatar asked Jun 18 '12 20:06

Sisiutl

People also ask

Can an MSI be signed?

msi on the Web server, you should sign the files with your digital certificate and private key, Mycert. cer and Mycert. pvk, using the SignTool utility.

How do I know if MSI is signed?

Check the signature on an EXE or MSI file Right-click the EXE or MSI file and select Properties. Click the Digital Signatures tab to check the signature.

How do you sign an application?

Clicking an Agree or Submit Button In most cases, signing an online application is a matter of clicking an "Agree" or "Submit" button on the bottom of a web page.

How do I digitally sign my software?

Steps to Sign Executable Files Insert the USB token that you got from your CA into your system. Open the software SafeNet Client that you installed in your system. Open the command-line tool SignTool. Use the following command to digitally sign and timestamp your executable using SHA-256.

Video Answer

1 Answers

This is pretty old but I hope it helps someone.

First of all you need to check that you have a Private Key for that .cer file, If you open it you should see a Key icon somewhere followed by the sentence:

You have a private key for this certificate

Note that what you must install the certificate in the same computer where de Key pair (and the CSR) were generated. Obviously if you have no private key, you can't sign anything.

like image 75
srbob Avatar answered Jan 03 '23 13:01

srbob
Sign in to Comment

Related questions

WCF username without certificate
KeychainStore doesn't provide certificates to Java on Mac OS X
Invalidate CRL cache
WCF with certificates on both Client and Server (Message security and wsHttpBinding)
Can you have both client certificate security and service identity authentication in azure acs
Android self signed certificate: Trust anchor for certification path not found
LogonSessionId account assigned Read access in new certificates?
Intercepting proxy's certificates generated on-the-fly provoke browser errors
Code Signing: When & Why?
Java applet won't load in IE after Java 8 upgrade
Difference between Authenticode, SPC and Java CodeSign?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!