Jump to content


This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.
Photo

OneClick Install Digital Signature


1 reply to this topic

frank36

frank36
  • Members
  • 1 posts

Posted 17 April 2002 - 21:11

Hello,

We are trying to install a digital signature on our OneClick Install Setup. We bought a digital Id from Verisign and we now have a .pvk and a .spc file. From InstallShield 6.3, I check the digital signature option and select my spc and pvk files. When the building package process is about to be over, I have to enter my password for completing the job. Everything seems to be Ok and I have no error message. When we try our setup package, we still have the window telling us about the risk of installing a non-secure application.

I also tried to use the iSign tools with these option : iSign.exe -spc my.spc -v my.pvk -p password data1.hdr. The operation is succeed but the result on our package is the same

Any idea?

hteichert

hteichert
  • Members
  • 158 posts

Posted 18 April 2002 - 10:10

I think the problem isn't in your setup, but in the digital ID.

To trust an ID it's necessary that the PC where this product shall be installed trusts the company that issued the ID. It might be that the destination PC doesn't trust Verisign - so it can't trust your ID.

The whole process of signing/trusting can be a bit tricky.
To trust a certificate, it's necessary to trust the issuer of this certificate. To trust the issuer of this certificate, there must be another certification instance, which issues a certificate for the certificate issuer. And so on .......

OK, but there must be a way to break this endless row of certificates:
There are so called Root-CAs. It's necessary to trust such a Root-CA, then all certificates that are issued by this CA are trusted, too. This way it goes down the whole tree.
What you might need to do is to install a Root-Certificate for Verisign. Verisign got several, but when installing your software there's a button "View certificate" or something like that. The opening window shows the certificate and who issued it. Normally here you can open another window to see the issuers certificate, and so on until you reach the Root-CAs certificate. You have to trust this Root-certificate to trust all by this issuer created certificates.

Important: It doesn't help if your developping environment trusts Verisign, the PC where the product shall be installed must trust Verisign.

There is lot of docu on MSs website about certificates, it's worth reading.
h.teichert-ott