InstallAware

So far we didn't have any success with code signing after upgrading to X4.

At first we didn't change the setup script at all and it failed, without saying why.
Than we edited the script by applying a new certificate file and password, with the same result.

The same new certificate works as expected when we're using it with our executables from the command line.

We're running our complete builds in FinalBuilder under Windows 10.

Dear Pfennig,

are you using a SHA-2 certificate?
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx

Regards

The signature algorithm is sha256RSA, the signature hash algorithm is sha256.

The signing works with X3 and from command line using C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe.

Dear Pfennig,

with IA X4 the Authenticode process applies now a Double signature to any signed file (...as required by the "Windows enforcement of authenticode code signing and timestamping").

Due of this, it's required the use a valid "SHA256_timestamp_url" that supports both SHA-1 and SHA-2 hashes.
For example; http://timestamp.comodoca.com/rfc3161

That said, are you sure that you have updated your <SHA256_timestamp_url> accordingly in the IA X4 Authenticode parameters?

Regards

This was the missing part, thank you.