So far we didn't have any success with code signing after upgrading to X4.
At first we didn't change the setup script at all and it failed, without saying why.
Than we edited the script by applying a new certificate file and password, with the same result.
The same new certificate works as expected when we're using it with our executables from the command line.
We're running our complete builds in FinalBuilder under Windows 10.
X4 Code signing fails
-
FrancescoT
- Site Admin
- Posts: 5361
- Joined: Sun Aug 22, 2010 4:28 am
Re: X4 Code signing fails
Dear Pfennig,
are you using a SHA-2 certificate?
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx
Regards
are you using a SHA-2 certificate?
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx
Regards
Francesco Toscano
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
Re: X4 Code signing fails
The signature algorithm is sha256RSA, the signature hash algorithm is sha256.
The signing works with X3 and from command line using C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe.
The signing works with X3 and from command line using C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe.
Best regards
pfennig
pfennig
-
FrancescoT
- Site Admin
- Posts: 5361
- Joined: Sun Aug 22, 2010 4:28 am
Re: X4 Code signing fails
Dear Pfennig,
with IA X4 the Authenticode process applies now a Double signature to any signed file (...as required by the "Windows enforcement of authenticode code signing and timestamping").
Due of this, it's required the use a valid "SHA256_timestamp_url" that supports both SHA-1 and SHA-2 hashes.
For example; http://timestamp.comodoca.com/rfc3161
That said, are you sure that you have updated your <SHA256_timestamp_url> accordingly in the IA X4 Authenticode parameters?
Regards
with IA X4 the Authenticode process applies now a Double signature to any signed file (...as required by the "Windows enforcement of authenticode code signing and timestamping").
Due of this, it's required the use a valid "SHA256_timestamp_url" that supports both SHA-1 and SHA-2 hashes.
For example; http://timestamp.comodoca.com/rfc3161
That said, are you sure that you have updated your <SHA256_timestamp_url> accordingly in the IA X4 Authenticode parameters?
Regards
Francesco Toscano
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
-
FrancescoT
- Site Admin
- Posts: 5361
- Joined: Sun Aug 22, 2010 4:28 am
Re: X4 Code signing fails
Francesco Toscano
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
Who is online
Users browsing this forum: No registered users and 172 guests
