Authenticode code signing failure with X10

khalprin · Postby **khalprin** » Wed Oct 28, 2020 10:05 am

I'm using InstallAware X10. I recently renewed a code signing certificate and InstallAware reports a failure trying to sign the installer.

I can successfully use signtool.exe to manually sign executable files - so the certificate is good. I use the command:

signtool sign /f "filename.pfx" /p %pwd% /t http://timestamp.comodoca.com/authenticode file_to_sign.exe

I've tried the Installaware test program for signing a file with various urls (including the one above) and:
http://timestamp.digicert.com
http://timestamp.comodoca.com/rfc3161
and every other one in the InstallAware test signing app.
...but all fail.

I exported the certificate to pfx file using sha256 and using TripleDes - all signing through InstallAware fails with both formats.

What could be the issue?

Postby **FrancescoT** » Wed Oct 28, 2020 11:06 am

I just run a test using the "IA Code Sign Tool", and I don't see any problem.
Of course, as I have already discussed here (https://www.installaware.com/forums/viewtopic.php?f=2&t=11319#p43133), I had to use "http://timestamp.digicert.com" for the time stamp server.

: ia_code_sign.png (16.03 KiB) Viewed 8990 times

If you want to test your PFX with SignTool.exe, you should invoke SignTool two times over the same EXE file to sign, as follow:

1> SignTool.exe sign /f <SignCertFile.pfx> /t <time-stamp-URL> /p <PWD> <FileToSign>
2> SignTool.exe sign /f <SignCertFile.pfx> /as /fd sha256 /tr <time-stamp-URL> /td sha256 /p <PWD> <FileToSign>
https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool

The above cmd lines will apply a double digital signature to the given file.

khalprin · Postby **khalprin** » Wed Oct 28, 2020 11:38 am

Thanks Francesco,

I ran your two signing commands with my certificate and a file to sign. Both worked successfully and yet the "IA Code Sign Tool" and IA X10 itself report an error when signing the installer. What could be the cause of that?

Postby **FrancescoT** » Wed Oct 28, 2020 12:27 pm

From IA IDE, can you do a try with omitting the URL parameter (just leave the field blank)?

khalprin · Postby **khalprin** » Wed Oct 28, 2020 1:03 pm

I just stopped and restarted IA and built the project again. It worked fine - I have no idea why. I'll continue on and see if it happens again.

Thanks for your suggestions.

Authenticode code signing failure with X10

Authenticode code signing failure with X10

Re: Authenticode code signing failure with X10

Re: Authenticode code signing failure with X10

Re: Authenticode code signing failure with X10

Re: Authenticode code signing failure with X10

Who is online