Authenticode Signature / Code Signing Feature

Posted: Sun Aug 29, 2010 3:36 am
by HAHNmediaservice
We have created a TestCert for code signing the executable files. Everything works fine when we're using a DOS prompt:

acs0.jpg


But, when we try to use the InstallAware included feature the code signing fails:

acs1.jpg


acs2.jpg


What are we doing wrong? Did we forget to adjust something somewhere in the InstallAware settings?

Please advise ...

Re: Authenticode Signature / Code Signing Feature

Posted: Mon Aug 30, 2010 10:08 pm
by mills
You are certain that the paths to the certificate and key are correct?

http://www.installaware.com/forum/viewt ... f=2&t=5826

Re: Authenticode Signature / Code Signing Feature

Posted: Mon Aug 30, 2010 11:56 pm
by HAHNmediaservice
Yes, we are certain that the paths to the certificate and key are correct.

Re: Authenticode Signature / Code Signing Feature

Posted: Tue Aug 31, 2010 2:05 pm
by mills
Where did you get the certificate and key from?

Re: Authenticode Signature / Code Signing Feature

Posted: Tue Aug 31, 2010 9:34 pm
by HAHNmediaservice
We have created a testing certificate on our own; this works fine when we're using the command line tools (Makecert.exe, Cert2spc.exe and Signcode.exe) in a DOS prompt (see above). We think it's not a problem with the keys ...

Re: Authenticode Signature / Code Signing Feature

Posted: Wed Sep 01, 2010 8:41 am
by Chris Miller
Have you verified that the code signature was valid? In other words, have you run "signtool.exe verify /v /pa" on your signed executable? I've never played around with self-signed certificates, but I have never had a problem with the ones from VeriSign and InstallAware.

Re: Authenticode Signature / Code Signing Feature

Posted: Wed Sep 01, 2010 10:46 am
by HAHNmediaservice
Thank you very much, perfect hint! Now it works within InstallAware as well. We'll now try to explain 1st how to create a certificate for testing purposes and 2nd what our problem was, just for the community:

We create a testing certificate:

Makecert.exe -a sha1 -b 01/01/2010 -e 01/01/2015 -in "CN=TestCert" -sv TestCert.pvk TestCert.cer

After that we have to convert the certificate from CER to SPC:

Cert2spc.exe TestCert.cer TestCert.spc

After that we do the code signing itself:

Signcode.exe -spc TestCert.spc -v TestCert.pvk "C:\InstallAware\Release\Setup.exe" -t "http://timestamp.verisign.com/scripts/timstamp.dll"

This all works fine, the Setup.exe is code signed with our self-created certificate, but the certificate is not fully valid because of its "Root certificate" (keep in mind we are still using a testing certificate):

TestCert01.jpg


As you see, the root certificate from "Root Agency" is red, which means that all certificates beneath it are invalid as well; that means our testing certificate from "Joe's-Software-Emporium" (name is given by Microsoft) is not valid at all.

Now, validating the Setup.exe with

Signtool.exe verify -pa "C:\InstallAware\Release\Setup.exe"

shows an error pointing to exactly this fact. So, what to do? We come closer ...

We have to put the root certificate from "Root Agency" into the proper certificate cache/path. Therefore we have to export the root certificate by clicking the button "Zertifikat anzeigen" / "Show certificate", then click the button "In Datei kopieren ..." / "Copy to file ..." and follow the steps of the wizard. After that, double-click the file created and then click "Zertifikat installieren" / "Install certificate". That's all, that's it!

Now, validating the Setup.exe with

Signtool.exe verify -pa "C:\InstallAware\Release\Setup.exe"

shows NO ERROR. This certificate works fine with InstallAware as well! That's it!
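
A scripted version of the check described in the post above, added here as an example and not part of the original thread or of InstallAware: it reads the Authenticode signature of the signed file, lists each certificate in the chain with its validation status, and reports whether the chain's root sits in a Trusted Root store. It assumes the Setup.exe path from the post and uses only the built-in `Get-AuthenticodeSignature` cmdlet and the .NET `X509Chain` class.

```powershell
# Added example: report why an Authenticode signature does or does not validate.
# The default path is the one used in the post; pass -Path for another file.
param([string]$Path = 'C:\InstallAware\Release\Setup.exe')

$sig = Get-AuthenticodeSignature -FilePath $Path
"Signature status: $($sig.Status)"
"Status message  : $($sig.StatusMessage)"

if ($null -eq $sig.SignerCertificate) {
    "No signer certificate found; the file is not signed."
    return
}

# Build the certificate chain for the signer. Revocation lookups are skipped
# because a locally generated test certificate has no revocation endpoint.
$x509 = 'System.Security.Cryptography.X509Certificates'
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = [Enum]::Parse(
    [Type]"$x509.X509RevocationMode", 'NoCheck')
$chainOk = $chain.Build($sig.SignerCertificate)
"Chain builds to a trusted root: $chainOk"

# One line per chain element: leaf first, root last.
foreach ($element in $chain.ChainElements) {
    $problems = ($element.ChainElementStatus |
        ForEach-Object { $_.Status }) -join ', '
    if (-not $problems) { $problems = 'OK' }
    "{0}  [{1}]  {2}" -f $element.Certificate.Subject,
        $element.Certificate.Thumbprint, $problems
}

# Look for the last chain element in the Trusted Root stores.
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$hits = Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $root.Thumbprint }

if ($hits) {
    # A test root listed here is trusted for every file signed under it,
    # so it belongs on build and test machines only.
    "Root '$($root.Subject)' is trusted in:"
    $hits | ForEach-Object { "  $($_.PSParentPath)" }
} else {
    "Root '$($root.Subject)' is not in a Trusted Root store; verification fails."
}
```

Run before and after installing the test root, the last section shows the same change the post observed with `Signtool.exe verify -pa`.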

Re: Authenticode Signature / Code Signing Feature

Posted: Fri Sep 10, 2010 8:49 pm
by SteveDude
The only time I ever had a problem with code signing in IA was after I upgraded to R2 and the problem was just the path to signcode.exe in my older projects.

In fact I like the code signing in IA better than any other program I've used, because it automates entering of the password. Works so well I snatched the idea and did my own standalone clone program for signing other EXE's, DLL's and OCX's. Thanks for the idea IA folks.