How can I silently install root certificates from WiX? I'm installing some root and intermediate certificates, and for root certificates the system displays a confirmation dialog showing basic certificate properties and the thumbprint. This is the relevant code I have, using WixIIsExtension mapped to the namespace prefix iis:
<!-- Embeds Certificates\RootCa.cer in the MSI under the binary key RootCa, so the
     certificate is only as trustworthy as the package that carries it. -->
<Binary Id="RootCa" SourceFile="Certificates\RootCa.cer" />
<DirectoryRef Id="TARGETDIR">
<Component Id="RootCa" Guid="...">
<!-- StoreLocation="currentUser" with StoreName="root" targets the per-user Trusted Root
     store. The confirmation dialog described in the question is Windows asking the
     interactive user to approve a new per-user trust anchor; it shows the thumbprint so
     the user can check what is being trusted.
     NOTE(review): StoreLocation="localMachine" writes the machine-wide store instead,
     which is not subject to that per-user prompt but needs an elevated install and makes
     the CA trusted for every account on the machine. Confirm that scope is intended. -->
<iis:Certificate
Id="RootCa"
BinaryKey="RootCa"
Name="RootCa"
StoreLocation="currentUser"
StoreName="root"/>
</Component>
</DirectoryRef>
<Feature ...>
<ComponentRef Id="RootCa" />
</Feature>
In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA).
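Why Is A Root Certificate Important? A root certificate is the most critical part of the SSL protocol, because any certificate signed with its private key, directly or through an intermediate CA, is readily trusted by every browser that has the root in its trusted store. Adding a root to a trust store is therefore a security-sensitive change.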
Click Tools > Internet Options > Content. Click Certificates and then the Trusted Root Certification Authorities tab on the far right. This lists the root CAs known and trusted by your Web browser - that is, the CAs whose certificates have been installed in the SSL software in your Web browser.
I've been looking for an answer for a long time. So, this is what I have:
WiX Code:
<!-- Each *.Props action sets a property named after the deferred action below it; that
     value is what the DLL entry point reads back as "CustomActionData".
     The paths point into [INSTALLDIR]ca\, so the files must already be on disk when the
     deferred actions run (scheduling is not shown here).
     NOTE(review): no Impersonate attribute is set and WiX defaults it to "yes", so the
     deferred actions run as the installing user. ImportCer writes the local-machine root
     store and ImportPfx writes a current-user store; confirm which account each one is
     meant to run under.
     NOTE(review): [INSTALLDIR]ca\super.pfx carries a private key. Check the ACL of that
     directory and whether the file needs to stay on disk after the import. -->
<CustomAction Id="ImportCer.Props" Property="ImportCer" Value="[INSTALLDIR]ca\root.cer" />
<CustomAction Id="ImportCer" Execute="deferred" FileKey="hsminst.dll" DllEntry="ImportCer" />
<CustomAction Id="ImportPfx.Props" Property="ImportPfx" Value="[INSTALLDIR]ca\super.pfx" />
<CustomAction Id="ImportPfx" Execute="deferred" FileKey="hsminst.dll" DllEntry="ImportPfx" />
C++ Code:
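/**
 * MSI custom action: adds the certificate file named in CustomActionData to the
 * local-machine "root" store without showing any UI.
 *
 * @param hInstall  Installer session handle; its "CustomActionData" property must hold
 *                  the path of the certificate file (at most MAX_PATH - 1 characters).
 * @return 0 on success, otherwise a non-zero code:
 *         (UINT)-1  the root store could not be opened,
 *         (UINT)-2  the certificate could not be added,
 *         (UINT)-3  the store could not be closed,
 *         (UINT)-4  the path could not be read from the session or converted,
 *         (UINT)-5  the file could not be parsed as a certificate.
 *
 * SECURITY: this installs a machine-wide trust anchor, so every certificate chaining to
 * it becomes trusted for all users. The file is accepted purely by path.
 * NOTE(review): before adding, compare the certificate's thumbprint with a value compiled
 * into the installer (<EXPECTED_THUMBPRINT_PLACEHOLDER>), so a file swapped on disk
 * between copy and import is rejected. Removal on uninstall is not shown and should be
 * handled as well.
 * NOTE(review): Windows Installer documents ERROR_SUCCESS / ERROR_INSTALL_FAILURE as
 * custom-action results; the negative codes are kept for compatibility with the original.
 */
extern "C" __declspec(dllexport) UINT __stdcall ImportCer(MSIHANDLE hInstall)
{
    // The buffers are char-based, so call the ANSI entry point explicitly instead of
    // relying on the project's UNICODE setting.
    char certFilePath[MAX_PATH] = {0};
    DWORD certFilePathLen = MAX_PATH;
    if (MsiGetPropertyA(hInstall, "CustomActionData", certFilePath, &certFilePathLen) != ERROR_SUCCESS
        || certFilePathLen == 0)
    {
        // Missing, empty or over-long path: fail instead of querying an empty file name.
        return (UINT)-4;
    }

    wchar_t certFilePathW[MAX_PATH];
    if (MultiByteToWideChar(CP_ACP, 0, certFilePath, -1, certFilePathW, MAX_PATH) == 0)
    {
        return (UINT)-4;
    }

    // Accept certificates only. With CERT_QUERY_CONTENT_FLAG_ALL the returned context can
    // be a CRL or CTL context (or NULL for PKCS#7 / PFX content), which must not be
    // treated as a PCCERT_CONTEXT.
    PCCERT_CONTEXT pCertCtx = NULL;
    if (!CryptQueryObject(
            CERT_QUERY_OBJECT_FILE,
            certFilePathW,
            CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT,
            CERT_QUERY_FORMAT_FLAG_ALL,
            0,
            NULL,
            NULL,
            NULL,
            NULL,
            NULL,
            (const void **)&pCertCtx)
        || pCertCtx == NULL)
    {
        // Previously this path returned 0, reporting success although nothing was installed.
        return (UINT)-5;
    }

    UINT result = 0;
    HCERTSTORE hCertStore = CertOpenStore(
        CERT_STORE_PROV_SYSTEM,
        0,
        0,
        CERT_STORE_OPEN_EXISTING_FLAG | CERT_SYSTEM_STORE_LOCAL_MACHINE,
        L"root");
    if (hCertStore == NULL)
    {
        result = (UINT)-1;
    }
    else
    {
        // REPLACE_EXISTING keeps repair / re-install runs from piling up duplicate
        // entries, which CERT_STORE_ADD_ALWAYS would create.
        if (!CertAddCertificateContextToStore(
                hCertStore,
                pCertCtx,
                CERT_STORE_ADD_REPLACE_EXISTING,
                NULL))
        {
            result = (UINT)-2;
        }

        // Always close the store; report a close failure only if nothing failed earlier.
        if (!CertCloseStore(hCertStore, 0) && result == 0)
        {
            result = (UINT)-3;
        }
    }

    // Released on every path, including the error paths that used to leak it.
    CertFreeCertificateContext(pCertCtx);
    return result;
}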
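/**
 * MSI custom action: imports the PFX file named in CustomActionData into the
 * current-user "my" store without showing the import wizard.
 *
 * @param hInstall  Installer session handle; its "CustomActionData" property must hold
 *                  the path of the PFX file (at most MAX_PATH - 1 characters).
 * @return 0 on success, otherwise a non-zero code:
 *         (UINT)-1  the import failed,
 *         (UINT)-2  the destination store could not be opened,
 *         (UINT)-4  the path could not be read from the session or converted.
 *
 * NOTE(review): "current user" is whichever account the custom action runs under, which
 * depends on the action's impersonation setting in the WiX source. Confirm that the key
 * lands in the store of the account that will use it.
 */
extern "C" __declspec(dllexport) UINT __stdcall ImportPfx(MSIHANDLE hInstall)
{
    // The buffers are char-based, so call the ANSI entry point explicitly instead of
    // relying on the project's UNICODE setting.
    char certFilePath[MAX_PATH] = {0};
    DWORD certFilePathLen = MAX_PATH;
    if (MsiGetPropertyA(hInstall, "CustomActionData", certFilePath, &certFilePathLen) != ERROR_SUCCESS
        || certFilePathLen == 0)
    {
        return (UINT)-4;
    }

    wchar_t certFilePathW[MAX_PATH];
    if (MultiByteToWideChar(CP_ACP, 0, certFilePath, -1, certFilePathW, MAX_PATH) == 0)
    {
        return (UINT)-4;
    }

    CRYPTUI_WIZ_IMPORT_SRC_INFO importSrc;
    memset(&importSrc, 0, sizeof(importSrc));
    importSrc.dwSize = sizeof(importSrc);
    importSrc.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_FILE;
    importSrc.pwszFileName = certFilePathW;
    // SECURITY: the PFX password is a literal compiled into the DLL, so anyone holding
    // the installer can recover it and open the PFX shipped next to it. A password
    // embedded here protects nothing; the private key is only as safe as the package.
    // NOTE(review): provision the key per machine (enrollment, or a secret supplied at
    // install time) instead of shipping one shared key with a fixed password.
    importSrc.pwszPassword = L"111111";
    // SECURITY: CRYPT_EXPORTABLE lets the imported private key be exported again from the
    // store. NOTE(review): drop the flag unless export is a stated requirement.
    importSrc.dwFlags = CRYPT_EXPORTABLE;

    HCERTSTORE serviceStore = CertOpenStore(
        CERT_STORE_PROV_SYSTEM,
        0,
        0,
        CERT_STORE_OPEN_EXISTING_FLAG | CERT_SYSTEM_STORE_CURRENT_USER,
        L"my");
    if (serviceStore == NULL)
    {
        // Without this check a NULL destination store was handed to the import call.
        return (UINT)-2;
    }

    UINT result = 0;
    if (!CryptUIWizImport(
            CRYPTUI_WIZ_NO_UI,
            NULL,
            NULL,
            &importSrc,
            serviceStore))
    {
        result = (UINT)-1;
    }

    // The store handle was never closed in the original.
    CertCloseStore(serviceStore, 0);
    return result;
}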
Hope this helps.
I am using a custom action for the same purpose:
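<!-- Runs certutil to add CertificateName.cer to the "root" store; -f forces the add.
     The command's own double quotes are written as &quot; so the attribute stays
     well-formed, and the option prefixes are ASCII hyphens (the pasted version had
     en dashes, which certutil does not read as options).
     SECURITY: Return="ignore" hides a failed import from the installer, so the product
     can install without its trust anchor and nobody is told.
     NOTE(review): Execute="immediate" runs outside the elevated install script. Confirm
     that the file is already on disk at that point and that the process has the rights
     needed to write the targeted root store.
     NOTE(review): the file is trusted by path alone; verify its thumbprint against
     <EXPECTED_THUMBPRINT_PLACEHOLDER> before adding it. -->
<CustomAction Id="InstallCertificates" Directory="TARGETDIR" ExeCommand="[SystemFolder]Certutil -addstore -f &quot;root&quot; &quot;[INSTALLLOCATION]Certificates\CertificateName.cer&quot;" Execute="immediate" Return="ignore" />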