All geek questions in one place

How to sign MSI?

My company wants to prevent the UAC pop-up that appears when customers install our product. We purchased the VeriSign certificate (VeriSign Class 3 Code Signing 2010 CA) and I received the file MyCompany.cer.

I installed the certificate by double-clicking it and selecting the "Personal" store. Now it appears in snapin certificates along with several other certificates. Snapin says its goal is "Code Signing." I got the SHA1 hash by copying the fingerprint.

I am trying to sign msi with this command:

signtool sign /sha1 <thumbprint> myInstaller.msi

and get the message "SignTool Error: No certificates were found that met all the specified criteria."

If I leave "/ sha1", I get a list of most of the other certificates in the store - those that say their purpose is "<All>" My certificate is not specified.

What am I doing wrong?

+6
source share
1 answer

This is pretty old, but I hope this helps someone.

First of all, you need to check that you have a secret key for this .cer file. If you open it, you will see a key icon somewhere followed by a sentence:

 You have a private key for this certificate

Please note that you must install the certificate on the same computer where the key pair (and CSR) was created. Obviously, if you do not have a secret key, you cannot sign anything.

+2
source

Source: https://habr.com/ru/post/918409/

More articles:


All Articles