

This is a read-only archive of the InstallSite Forum. You cannot post any new content here.

Digital signing fails


Best Answer Stefan Krueger , 06 May 2017 - 10:32

This problem has been addressed in InstallShield 2016 Service Pack 2



3 replies to this topic

deramor

  • Full Members
  • 187 posts

Posted 19 April 2017 - 20:40

Hello all,

 

I'm not sure where to put this as it applies to all InstallShield project types that include signing its output files.

InstallShield uses a timestamp server, http://timestamp.geotrust.com/tsa. This server is now offline (replaced).

 

https://knowledge.sy...iewlocale=en_US

 

Symantec provides a replacement but there is no obvious way to tell InstallShield how to use this new server in the UI.

You must make the change to a specific InstallShield instance you have on your system. Both developer and SAB.

 

Change your settings.xml file located here: C:\Program Files (x86)\InstallShield\2016\Support\0409

 

Search for http://timestamp.geotrust.com/tsa

It will show up in a line that looks like this: <DigitalSignature Timestamp="http://timestamp.geo...rust.com/tsa"/>

 

Change the server location to one on the Symantec page.  I was unable to get the new legacy server to work.  I therefore needed to use http://sha256timesta...ha256/timestamp

 

Note that this server uses a new CA so this may affect how your install runs. In disconnected environments, if this CA is missing, the installation will fail. In connected environments, if the CA is missing, Windows 7 and newer will ask Windows Update for the CA needed. The install process may take a bit longer the first time but any subsequent installation will take the normal amount of time.
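The settings.xml change described in the post above, as an added PowerShell example (not part of the original post and not InstallShield tooling). The parameter names are hypothetical, the file is assumed to be well-formed XML, and the replacement URL has to be supplied by the caller because it is truncated on this page.

```powershell
# Added example: hypothetical helper for the settings.xml edit described in the post.
# Run from an elevated prompt; the folder is under Program Files.
param(
    # Folder quoted in the post; pass the Standalone Build (SAB) folder too if present.
    [string[]]$SupportDir = @('C:\Program Files (x86)\InstallShield\2016\Support\0409'),
    # Replacement timestamp URL from the Symantec article (no default on purpose).
    [Parameter(Mandatory)][string]$NewUrl,
    [string]$OldUrl = 'http://timestamp.geotrust.com/tsa',
    # Without -Apply the script only reports what it would change.
    [switch]$Apply
)

foreach ($dir in $SupportDir) {
    $path = Join-Path $dir 'settings.xml'
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not found: $path"
        continue
    }

    # PreserveWhitespace keeps the rest of the file byte-for-byte comparable after Save().
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true
    $doc.Load($path)

    # Element and attribute names are the ones quoted in the post;
    # local-name() makes the match independent of any XML namespace.
    $nodes = $doc.SelectNodes("//*[local-name()='DigitalSignature'][@Timestamp]")
    $changed = 0
    foreach ($node in $nodes) {
        $current = $node.GetAttribute('Timestamp')
        Write-Host "$path : Timestamp=$current"
        if ($current -eq $OldUrl) {
            $node.SetAttribute('Timestamp', $NewUrl)
            $changed++
        }
    }

    if ($changed -gt 0 -and $Apply) {
        # Keep the original next to the edited file so the change can be reverted.
        Copy-Item -LiteralPath $path -Destination "$path.bak" -Force
        $doc.Save($path)
        Write-Host "Updated $changed entry(ies); backup at $path.bak"
    } elseif ($changed -gt 0) {
        Write-Host "Would update $changed entry(ies); re-run with -Apply"
    }
}
```

Running it first without `-Apply` lists the current `Timestamp` value in each install, which also shows whether a given instance still points at the retired server.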

 



Stefan Krueger


    InstallSite.org

  • Administrators
  • 13,269 posts

Posted 21 April 2017 - 19:49

Hi,

 

I asked Flexera Support about this problem and here's their answer:

By default, InstallShield should be using http://timestamp.ver...ts/timstamp.dll for the timestamp server. However, the issue with http://timestamp.geotrust.com/tsa going offline and problems with using the new SHA-1 with RFC 3161 service is a known issue, and should be resolved in the next Service Pack release of InstallShield. We currently do not have an estimated time for when this will be released.



deramor

  • Full Members
  • 187 posts

Posted 21 April 2017 - 19:53

Fortunately for me, my signing certificate and the new SHA256 timestamp server both use the same Symantec CA Root. There were no negative effects to make the switch for me. Thanks for following up with support.



Stefan Krueger


    InstallSite.org

  • Administrators
  • 13,269 posts

Posted 06 May 2017 - 10:32   Best Answer

This problem has been addressed in InstallShield 2016 Service Pack 2