Get the following error when installing our product on a client's new server running Server 2008 R2 without internet access.
This installer has worked on all other servers or pcs with internet access so far.
A file that is required cannot be installed because the cabinet file C:\pathname\disk1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.
The MSDN forum said to install the root certificate for your certificate authority on the server as work around. We downloaded and installed the Thawte root certificates and installed them on the client server and still got the error.
Using Advanced Installer 13.5 and Thwarte code signing certificate.
Install works fine on our test server 2008 r2 enviroment but it is a virtual machine and not possible to turn off internet on it since remote desktop to it. Could possibly block the port that it uses to verify the cert but not sure on the port.
I tried installing on a Win10 machine with no internet access and it worked but it might be because I installed the installer on this machine before or the certs ncluded by default on win 10 being newer?
Suggested Articles
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Hello,
Please make sure that you have installed your authority certificate in the "Trusted Root Certification Authorities" section of your local machine certificates store.
Also, to check what exactly causes this signature invalidation you can check the state of your digital signature and of the countersignature too of your setup. Here is how you can proceed:
1. right click on your setup file (EXE/MSI) and choose "Properties..."
2. go to "Digital Signatures" tab, select your digital signature entry and click on [Details] button
3. on the opened dialog you should go on two routes and check and make sure that all the signatures and certificates are valid ones: the actual signature and the countersignature
3.1. in the "Signer Information" section click on the [View certificate] button to check the certificate chain of your current digital signature
3.2. in the "Countersignatures" section click on [Details] button and check the signature and the certificate chain of your countersignature
Just try to install the certificate chain of your signature and of the countersignature too in the "Trusted Root Certification Authorities" section of your local machine certificates store and see if this helped.
All the best,
Daniel
Please make sure that you have installed your authority certificate in the "Trusted Root Certification Authorities" section of your local machine certificates store.
Also, to check what exactly causes this signature invalidation you can check the state of your digital signature and of the countersignature too of your setup. Here is how you can proceed:
1. right click on your setup file (EXE/MSI) and choose "Properties..."
2. go to "Digital Signatures" tab, select your digital signature entry and click on [Details] button
3. on the opened dialog you should go on two routes and check and make sure that all the signatures and certificates are valid ones: the actual signature and the countersignature
3.1. in the "Signer Information" section click on the [View certificate] button to check the certificate chain of your current digital signature
3.2. in the "Countersignatures" section click on [Details] button and check the signature and the certificate chain of your countersignature
- screenshot.jpg (72.79 KiB) Viewed 16046 times
All the best,
Daniel
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Thank you.
I did install all the Twarte Root Certificates from here https://www.thawte.com/roots/ in the "Trusted Root Certification Authorities" section of the local machine and did not help.
Checked the details you asked for.
Certificate is Issued by thawte SHA256 Code Signing CA
Countersignatures
Symantec SHA256 TimeStamping Signer - G1
Would that mean I need to install the Symantec root certificates as well?
https://knowledge.symantec.com/support/ ... t&id=AR657
Need to set up a new offline server2012r2 Virtual Machine to test. Have not been able to reproduce this on any of our test servers/machines.
I did install all the Twarte Root Certificates from here https://www.thawte.com/roots/ in the "Trusted Root Certification Authorities" section of the local machine and did not help.
Checked the details you asked for.
Certificate is Issued by thawte SHA256 Code Signing CA
Countersignatures
Symantec SHA256 TimeStamping Signer - G1
Would that mean I need to install the Symantec root certificates as well?
https://knowledge.symantec.com/support/ ... t&id=AR657
Need to set up a new offline server2012r2 Virtual Machine to test. Have not been able to reproduce this on any of our test servers/machines.
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Hello,
Yes the Root certificates of the countersignatures vendor must be installed too. Can you please install these certificates too and let us know if this worked?
All the best,
Daniel
Yes the Root certificates of the countersignatures vendor must be installed too. Can you please install these certificates too and let us know if this worked?
All the best,
Daniel
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Tried installing the Symantec certificates as well and I still get a disk1.cab has an invalid digital signature error.
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Hello,
When this error appears (at install time) can you open in Explorer the CAB extraction path, and then check the Digital Signature of your CAB file as I previously explained:
And make sure the certificate chain of your signature and of the countersignature are installed in the "Trusted Root Certification Authorities" section of your LOCAL MACHINE certificates store.
All the best,
Daniel
When this error appears (at install time) can you open in Explorer the CAB extraction path, and then check the Digital Signature of your CAB file as I previously explained:
You can find the CAB extraction path into your setup project -> "Builds" page -> "Configuration" tab -> "Extract location" field.Here is how you can proceed:
1. right click on your setup file (EXE/MSI) and choose "Properties..."
2. go to "Digital Signatures" tab, select your digital signature entry and click on [Details] button
3. on the opened dialog you should go on two routes and check and make sure that all the signatures and certificates are valid ones: the actual signature and the countersignature
3.1. in the "Signer Information" section click on the [View certificate] button to check the certificate chain of your current digital signature
3.2. in the "Countersignatures" section click on [Details] button and check the signature and the certificate chain of your countersignature
And make sure the certificate chain of your signature and of the countersignature are installed in the "Trusted Root Certification Authorities" section of your LOCAL MACHINE certificates store.
All the best,
Daniel
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Hello,
I have nearly the same issue with one of my installer projects. When no internet access is available the installer fails with "invalid digital signature".
What I wonder the most is, I have other installer projects which uses the same certificate and signing option, but these installers do not fail and excatly the same Windows machines. Therefore I assume that it is caused by installer project settings. Does someone knows which settings this can be?
Thanks in advance,
Andre
I have nearly the same issue with one of my installer projects. When no internet access is available the installer fails with "invalid digital signature".
What I wonder the most is, I have other installer projects which uses the same certificate and signing option, but these installers do not fail and excatly the same Windows machines. Therefore I assume that it is caused by installer project settings. Does someone knows which settings this can be?
Thanks in advance,
Andre
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Hello Andre,
I'm not sure what could be different. Can you please send us two AIPs (project files), one whose setup works and the other whose setup fails, to support at advancedinstaller dot com? Maybe we can find out what causes the difference.
All the best,
Daniel
I'm not sure what could be different. Can you please send us two AIPs (project files), one whose setup works and the other whose setup fails, to support at advancedinstaller dot com? Maybe we can find out what causes the difference.
All the best,
Daniel
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Hi,
it looks as that I can fix the issue when I use "LZMA compression" instead of CAB file archive. I use AI version 13.8. onyl. Is there a recent problem in the CAB file signing or is the signing different for LZMA compression?
Best regards,
Andre
it looks as that I can fix the issue when I use "LZMA compression" instead of CAB file archive. I use AI version 13.8. onyl. Is there a recent problem in the CAB file signing or is the signing different for LZMA compression?
Best regards,
Andre
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Hello Andre,
No, the only difference is that Windows Installer doesn't check the signature of the LZMA archive. It only checks the install files archive signature when the files are archived into a CAB.
All the best,
Daniel
No, the only difference is that Windows Installer doesn't check the signature of the LZMA archive. It only checks the install files archive signature when the files are archived into a CAB.
All the best,
Daniel
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Hello Daniel,
you may check my project file why the signing does not work in cases the installing server does not have internet.
Another problem is that we use this project as Addon for another major project. Means the installation path of the major project is searched and the APPDIR is set to this path so that it is offered to the user to install into the major projects install path. But during uninstall the whole major project path is deleted as well. Why?
Best regards,
Andre
you may check my project file why the signing does not work in cases the installing server does not have internet.
Another problem is that we use this project as Addon for another major project. Means the installation path of the major project is searched and the APPDIR is set to this path so that it is offered to the user to install into the major projects install path. But during uninstall the whole major project path is deleted as well. Why?
Best regards,
Andre
Re: disk1.cab has an invalid digital signature on server2008r2 no internet
Hello Andre,
Please accept my apologies for such a delayed reply, but I was out of the office in the past two weeks.
Most likely the uninstall problem happens because of the folder removal operation you configured on the "Application Folder" directory of your setup project. Please go to "Files and Folders" page, right click on "Application Folder", choose "Properties" and go to "Operations" tab. Here please uncheck the "Remove Folder" option, rebuild the addon setup and test again the uninstall scenario.
All the best,
Daniel
Please accept my apologies for such a delayed reply, but I was out of the office in the past two weeks.
Most likely the uninstall problem happens because of the folder removal operation you configured on the "Application Folder" directory of your setup project. Please go to "Files and Folders" page, right click on "Application Folder", choose "Properties" and go to "Operations" tab. Here please uncheck the "Remove Folder" option, rebuild the addon setup and test again the uninstall scenario.
All the best,
Daniel