Forums

[BobCrothers]

Hi AI Gurus,

I have had very little experience with signing package/code and I realize that my questions go beyond Advanced Installer.

One of our clients wants to install our application on Windows 7, 64 bit. When the install program runs a "User Account Control" dialog is displayed, with the following message, "Do you want to allow the following program from an unknown publisher to make changes to this computer?" I’m trying to list our company as the publisher. I created a .cer file using the following command
makecert -pe -n "CN=InformatixInc" InformatixInc.cer
I created a .pfx file from the .cer file.

The "Sign the package" in AI project is now checked. Application used to sign is SignTool.exe. "File from Disk" points to the .pfx file that was created. The following error is displayed when the project is built

Signing MSI... error.
Exception - Reason: The digital signing of the MSI package failed. Error Message:Done Adding Additional Store

Number of errors: 1
SignTool Error: ISignedCode::Sign returned error: 0x80880253
The signer's certificate is not valid for signing.
SignTool Error: An error occurred while attempting to sign: C:\Temp\Install-Projects\RapidClientMSI\RapidClient_1.5.30_PublisherTest.msi

Build finished because an error was encountered

---

Besides this error I have doubts that I can create my own certificate. It sounds like we need to buy a certificate from VeriSign or another certificate authority. It looks like the price at VeriSign is about $500 for a one year certificate.

How do we change the publisher unknown to the name of our company? Can we do this with a certificate which I create? If yes, do you know what causes the error 0x80880253? If no, is there a way to get a certificate for free which will satisfy our requirements of listing our company as the publisher.

Thank You,
Bob

[Bogdan]

Hi Bob,

Besides this error I have doubts that I can create my own certificate. It sounds like we need to buy a certificate from VeriSign or another certificate authority.

This is correct, you will need to purchase a code signing certificate from one of the companies that are selling this kind of certificates.

How do we change the publisher unknown to the name of our company?

This can be done only by signing the package with a valid certificate.

Can we do this with a certificate which I create? If yes, do you know what causes the error 0x80880253?

No, you will need to purchase the certificate, you cannot use a certificate created by you. The error code is returned by the sign tool used, not
by Advanced Installer. This probably happens because this is not a valid certificate.

If no, is there a way to get a certificate for free which will satisfy our requirements of listing our company as the publisher.

From what I know there is no company that can offer you code signing certificates for free. Maybe there are companies with smaller prices, but I am not aware
of any company which can offer it for free. You can try a search on Google, maybe you will find something.

Please let us know if you have other questions.

Regards,
Bogdan

[sjeslis]

Does anyone know if using an expired certificate will also produce this same error?

[mihai.petcu]

Hello,

Yes it could, but why would you want to use an expired certificate?

All the best,
Mihai

[talderson]

I have the exact problem. I do have a valid cert though (not expired and purchased through entrust). Any help here would be very helpful. An added note. I only get this when I go into files and select the properties of the .vsto file and select "digitally sign the file". Obvious answer is to not select that but then the publisher info doesn't show up in the addin.

Help much appreciated.

[mihai.petcu]

Hello,

Here's the "How to Sign Office 2007 plugin" thread that may help you with this.

All the best,
Mihai