I just noticed an unexpected gotcha after re-reading the Help file, it states that due to platform limitations dual signing is only available when building on Windows 8 or newer due to platform limitations. Sadly I missed this after upgrading to X4 and it wasn't until a customer pointed out that the installer wasn't dual signed. Totally my fault for not paying enough attention to even notice my mistake, and slightly embarrassing that I didn't double check.
I'll be quite honest, I simply assumed that my setup would be dual signed, maybe there should be some dynamic text (warning) in the Authenticode setup that states whether or not the file will be dual signed based on the certificate and/or OS version?
Though I am not entirely sure why this is considered a platform limitation, when we can dual sign with signtool.exe on Windows 7 without any issues, I use the signtool.exe shipped with the Windows 8.1 resource kit. So either InstallAware doesn't use the signtool.exe for signing or InstallAware doesn't take advantage of using signtool.exe for dual signing on Windows 7, or it uses some other signing configuration, perhaps in regards to Windows Market place?
UPDATE.. Just noticed the blog post http://www.installaware.com/blog/?p=416
So I guess the solution is to run the signtool.exe from within the build events, which is fine; but I am not entirely sure if this logic is obvious, especially when referencing just the help file.
Dual Signging Authenticode in InstallAware X4 on Windows 7
-
FrancescoT
- Site Admin
- Posts: 5361
- Joined: Sun Aug 22, 2010 4:28 am
Re: Dual Signging Authenticode in InstallAware X4 on Windows 7
Dear Bigstar,
at the time we implemented Double Signature in X4, we followed Microsoft guidelines as for example;
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx.
I'm pretty sure that at that time, the above link reported <double Signature> support with Win 8 and higher OS. For what I see the above link must have been updated ... because I am not able to find this anymore.
At any rate, InstallAware uses Microsoft Signtool as well ... you may replace the tool version under "C:\Program Files (x86)\InstallAware X4\authenticode". Of course, this is approach is limited to IA X4 only.
Hope this helps you.
Regards
at the time we implemented Double Signature in X4, we followed Microsoft guidelines as for example;
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx.
I'm pretty sure that at that time, the above link reported <double Signature> support with Win 8 and higher OS. For what I see the above link must have been updated ... because I am not able to find this anymore.
At any rate, InstallAware uses Microsoft Signtool as well ... you may replace the tool version under "C:\Program Files (x86)\InstallAware X4\authenticode". Of course, this is approach is limited to IA X4 only.
Hope this helps you.
Regards
Francesco Toscano
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
Who is online
Users browsing this forum: No registered users and 136 guests
