Jump to content


This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.
Photo

Sign files using tools of SDK.


3 replies to this topic

thanatos83

thanatos83
  • Full Members
  • 40 posts

Posted 27 November 2010 - 20:42

Hi...

I need help with sign setup.exe, yesterday i maked with makecert tool a certificate with a pvk file in Windows 7. Then i include this certificate in a trust, "Root Certification Authorities trusted".

Finally when i build a "Basic MSI project" i set "sing setup.exe and msi" but the problem is this:

If i install my build in windows 7 i see the editor is trusted but if i install my build in XP so i see in properties of setup that ins't trsuted.

Do I have install the certificate manually in XP?, or there's a method to do automatically?

It's for use personal and not to enterprise...

Thanks...

Stefan Krueger

Stefan Krueger

    InstallSite.org

  • Administrators
  • 13,269 posts

Posted 29 November 2010 - 07:52

Did you test this only in the Windows 7 machine where you created the certificate and added it as a trusted authority, or also on a different Windows 7 machine?
Self-created certificates aren't trustful (anyone could create one). That's why your identity has to be certified by a trusted root authority, like Verisign for instance.

thanatos83

thanatos83
  • Full Members
  • 40 posts

Posted 30 November 2010 - 01:30

Hi Stefan.

Yes, first i test this in one machine with windows 7 where i maked a certificate and trusted authority.

And the second test was in XP, so in properties of setup.exe from XP i see that isn't trust.

So I think that need to install manually the certificate in XP machine or some others machines, really?

There's a way to do identity has to be certified by a trusted root authority but free?

Edited by thanatos83, 30 November 2010 - 13:34.


Stefan Krueger

Stefan Krueger

    InstallSite.org

  • Administrators
  • 13,269 posts

Posted 30 November 2010 - 15:22

QUOTE
So I think that need to install manually the certificate in XP machine or some others machines, really?
You don't want your customers to do this. And it would be useless, as installing an untrusted/unverified certificate makes your system less secure, not more secure.

QUOTE
There's a way to do identity has to be certified by a trusted root authority but free?
Verisign probably isn't the only provider, but as far as I know none of them is free. Remeber that they have to keep the cerificates under high security and have to verify your identity etc. You have to pay for this effort (although maybe not as much as Verisign charges).