vbjeff
Posts: 23
Joined: Tue May 14, 2013 3:08 pm

Digital Signing Single EXE error

I am using Advanced Installer v13 Enterprise on a Windows 7 PC. I was having problems digitally signing my files when using the external signtool.exe, so I unchecked the "Use an external tool" and I was able to use the internal tool to digitally sign my files and MSI package.

I need a .NET prerequisite, so I needed to change my Package Type from 'Single MSI' to 'Single EXE', but now I get the following error when I try to create an install package:
Could not extract digital certificate from [C:\Repositories\src\Applications\Test\Your Application.v13-cache\part2\disk1.cab].

I also have the same problem when using an old version of Advanced Installer v10.5.1, so this issue has been around for a while.
What do I need to do to digitally sign my install package when using a Single EXE?

I noticed that I get the same error message (except for the path), when selecting any 'Package Type' other than 'Single MSI'. Any other package type gives me an error about not being able to extract a digital certificate from a .CAB file. When I looked for the .CAB file on my computer, it does not exist when I see the message. I don't understand why it is trying to extract a digital certificate when it is supposed to be signing the .CAB file.

Thanks,
Jeff
Dan
Posts: 4513
Joined: Wed Apr 24, 2013 3:51 pm

Re: Digital Signing Single EXE error

Hello Jeff,

We recommend installing the latest Windows 8.1 SDK and trying to use the SignTool from there. If the behaviour still persists, can you please try to build your project on another machine? Maybe something is corrupt on the current one. You can also take a look at the "Windows SDK tools required for creating MSI packages" article, which may be useful to you.

Let me know if that helped.

Best regards,
Dan
Dan Ghiorghita - Advanced Installer Team
aclay
Posts: 7
Joined: Mon Mar 22, 2010 5:49 pm

Re: Digital Signing Single EXE error

Hello,

I'm experiencing this problem on two different Windows 7 machines. I recently installed a number of security updates on both machines and wonder if that's related. Prior to installing these updates I was able to sign my exe files without a problem.

I tried installing the Windows 8.1 SDK but that didn't help the problem. I'm running Advanced Installer 13.1 on both Windows 7 Professional x64 and Windows 7 Ultimate x64.

It's worth noting that repeatedly running the build advances the disk[N].cab file reference in the error report.

Here is the full error report from one machine:

Could not extract digital certificate from [C:\Users\Admin\Documents\Suran\Code\omnis_applications\trunk\CDM+\installer\CDM+-cache\part2\disk1.cab].

Advanced Installer 13.1 build 71115

Thank you,
Alex
Dan
Posts: 4513
Joined: Wed Apr 24, 2013 3:51 pm

Re: Digital Signing Single EXE error

Hi Alex,

Can you please tell us if the behaviour still persists when using our internal DigiSign to sign the setup package? You can change this option in the File -> Options -> External Tools dialog.

If you don't have the SDK installed or you disable the option to use an external tool, Advanced Installer has its own alternative DigiSign tool that can be used to digitally sign the packages it creates.

Also, in order to have a better view of this, can you please send us the .AIP (project file) to support at advancedinstaller dot com so we can investigate it? If it contains confidential information you can send us a small test project which reproduces this behavior. By the way, does the behaviour persist in any project that you create and try to sign?

Best regards,
Dan
Dan Ghiorghita - Advanced Installer Team
aclay
Posts: 7
Joined: Mon Mar 22, 2010 5:49 pm

Re: Digital Signing Single EXE error

Hi Dan,

Choosing "C:\Program Files (x86)\Caphyon\Advanced Installer 13.1\bin\x86\digisign.exe" doesn't resolve the issue, nor does leaving the "Use external tool" checkbox unchecked help.

I was able to reproduce this with a simple project that installs the portable 7zip executable and dll. Signing the installer as an msi works great, but fails when using a self-contained exe bootstrapper. I've sent the sample project to the support email address.

Alex
aclay
Posts: 7
Joined: Mon Mar 22, 2010 5:49 pm

Re: Digital Signing Single EXE error

I believe I found the root problem. I built the MSI only and signed it, then reviewed the properties on the MSI. Under Digital Signatures -> My cert -> Details -> View Certificate I found a message showing the certificate was revoked. This is indeed something I'd done working on another issue a few weeks back, but I was able to sign with the revoked certificate for a couple weeks so I didn't associate the two events.

I expect once I get a proper certificate loaded all will be well. For anyone else running into this issue, try building an MSI only and reviewing the certificate on that MSI to see if there are issues with it.
chrisjohnson
Posts: 1
Joined: Mon Aug 29, 2016 8:08 pm

Re: Digital Signing Single EXE error

We had a similar problem. We would like to sign our Single EXE install package outside of Advanced Installer entirely. This is because we use a hardware-based signing solution (EV code signing cert from DigiCert). We use continuous integration and would like to build the installer as part of that ... however we would need a human to stand there and enter the password if we did code sign it at that point.

We want to use the DigiCert code signing utility on the EXE package AFTER it is created by Advanced Installer.

Right now when we do that the installer will start ... but once it starts installing it seems to crash with no UI to say what happened.
Here is a link to the failing exe to illustrate the issue:
https://dl.dropboxusercontent.com/u/272 ... hAgent.exe

Is this possible?

PS: I should add: if we package our installer as an MSI, signing outside of Advanced Installer using the DigiCert utility works perfectly. It's just the EXE install that fails.
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm

Re: Digital Signing Single EXE error

Hello and welcome to our forums,

Indeed the installation is aborted when you sign the EXE setup outside of the AI build process. This happens when you use our "Enhanced User Interface" feature. On EUI we check the digital signature of the EXE and of its embedded MSI. If there is a mismatch, then the installation is aborted. This is a limitation imposed by our EUI feature.

To avoid this, besides signing your EXE setup package outside AI, you can also use a test certificate to sign the setup files (including the MSI) from our "Digital Signature" page. Just create a test certificate and use it in our "Digital Signature" page so that the MSI package is signed too. If the MSI package is signed too, the installation will be allowed.

Important!
This option is available starting with the 13.0 version of Advanced Installer.

Let us know if this helped.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
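
The two checks suggested in the posts above (reviewing the certificate on a signed MSI for revocation, and confirming that the MSI is signed whenever the EXE is), written as a PowerShell script for a build step. This is an added example, not code from the thread or from Advanced Installer; both file paths are placeholders, and it assumes the MSI is available as a separate file built with the same signing settings as the one embedded in the EXE.

```powershell
# Added example. Both paths are placeholders, not values from the thread.
param(
    [string]$MsiPath = 'C:\build\YourApplication.msi',
    [string]$ExePath = 'C:\build\YourApplication.exe'
)

function Get-SignerReport {
    param([Parameter(Mandatory)][string]$Path)

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $cert   = $sig.SignerCertificate
    $report = [ordered]@{
        File        = $Path
        Status      = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Subject     = $null
        Thumbprint  = $null
        Timestamped = [bool]$sig.TimeStamperCertificate
        ChainStatus = 'no signer certificate'
    }
    if ($cert) {
        # Build the chain with an explicit online revocation check (CRL/OCSP),
        # so a revoked signer shows up as a 'Revoked' chain status flag.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chain.ChainPolicy.RevocationFlag = 'EntireChain'
        [void]$chain.Build($cert)
        $flags = $chain.ChainStatus | ForEach-Object { $_.Status }
        $report.Subject     = $cert.Subject
        $report.Thumbprint  = $cert.Thumbprint
        $report.ChainStatus = if ($flags) { $flags -join ', ' } else { 'NoError' }
    }
    [pscustomobject]$report
}

$msi = Get-SignerReport -Path $MsiPath
$exe = Get-SignerReport -Path $ExePath
$msi, $exe | Format-List

$problems = @()
foreach ($r in @($msi, $exe)) {
    if ($r.ChainStatus -match 'Revoked') { $problems += "$($r.File): certificate in chain is revoked" }
    if ($r.Status -eq 'HashMismatch')    { $problems += "$($r.File): file changed after signing" }
}
# Case from the thread: EXE signed after the build while its MSI carries no signature.
if ($exe.Status -ne 'NotSigned' -and $msi.Status -eq 'NotSigned') {
    $problems += 'EXE is signed but the MSI is not'
}
if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
```

The non-zero exit code lets a continuous integration job fail before the package is published; a `RevocationStatusUnknown` flag in the output means the build machine could not reach the CA's revocation endpoint, not that the certificate is good.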
