Upon upgrade to 8.8 digital signing is now failing for me with the error;
[ DefaultBuild ]
Building package (en): C:\foo\bah.exe
Preparing files... The digital signing of the APPDIR\x86\bluurgh.exe file failed. Error Message:digisign.exe error. The certificate is missing or it cannot be used for signing.
Build finished because an error was encountered.
I have 'use file from disk' selected, the password is correct and the (.pfx) file is present. AI 8.7 and earlier work correctly.
Suggestions?
Suggested Articles
Re: A1 8.8 Signing Files
Hi ,
With version 8.8 we introduced in Advanced Installer a new digital signing tool, developed by us, so the user's will not need to install Microsoft's SDK in order to use their SignTool.
You don't need to uninstall the update, you can simply switch Advanced Installer to use the SignTool.exe from Microsoft SDK, from "Options -> External Tools", by default found under this path:
"C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool.exe"
Also, could you please give us a screen-shot with the certificate store from your machine by following the next steps, at support at advancedinstaller dot com:
-- run "certmgr" from command prompt
-- expand the tree element "Personal"
-- and send us a screen-shot with the certificates found there.
This is just for debug purposes, so my colleagues from development to understand why our sign tool failed with a certificate that should work.
Regards,
Bogdan
With version 8.8 we introduced in Advanced Installer a new digital signing tool, developed by us, so the user's will not need to install Microsoft's SDK in order to use their SignTool.
You don't need to uninstall the update, you can simply switch Advanced Installer to use the SignTool.exe from Microsoft SDK, from "Options -> External Tools", by default found under this path:
"C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool.exe"
Also, could you please give us a screen-shot with the certificate store from your machine by following the next steps, at support at advancedinstaller dot com:
-- run "certmgr" from command prompt
-- expand the tree element "Personal"
-- and send us a screen-shot with the certificates found there.
This is just for debug purposes, so my colleagues from development to understand why our sign tool failed with a certificate that should work.
Regards,
Bogdan
Re: A1 8.8 Signing Files
Reverting back to use signtool.exe fixes the problem. I hadn't spotted that I could do that. Thanks.
Re: A1 8.8 Signing Files
I can confirm this issue. I'm storing my signing certificate on Smart Card. However certificate selection UI displays it as active (smart card CSP copies certificate public part to the personal store).
®
Re: A1 8.8 Signing Files
It seems that AI fails if a certificate contains Key Usage extension (regardless of the extension value or extension criticality status). As far as I understand, the problem is in certificate filtering process. When you select a certificate from the store — it displays all certificates from the Personal store. During signing process, an additional certificate filtering process occurs where certificates with Key Usage extension are filtered at all.
®
Re: A1 8.8 Signing Files
Hi,
We have just released version 8.8.1 which switches the default sign tool to the one from Microsoft's SDK, if available on the machine, or if the user manually selected it.
Advanced Installer will only use our own sign tool if the user hasn't specified other settings and the one from Microsoft is not available. We are working hard on fixing the problems mentioned above so you can use our tool in the next version without the need to install Microsoft's SDK every time you need move Advanced Installer on another machine.
Regards,
Bogdan
We have just released version 8.8.1 which switches the default sign tool to the one from Microsoft's SDK, if available on the machine, or if the user manually selected it.
Advanced Installer will only use our own sign tool if the user hasn't specified other settings and the one from Microsoft is not available. We are working hard on fixing the problems mentioned above so you can use our tool in the next version without the need to install Microsoft's SDK every time you need move Advanced Installer on another machine.
Regards,
Bogdan
Re: A1 8.8 Signing Files
Hi,
We've implemented some improvements and fixes to our new digital signing tool. Of course it passes all the in-house tests we have but as it seems, you have different usage scenarios. Would you please try the new version to see if it works as expected with your certificates and post your feedback in this thread?
Download link:
http://dl.dropbox.com/u/5392761/our%20s ... gisign.exe
Best regards,
Bogdan
We've implemented some improvements and fixes to our new digital signing tool. Of course it passes all the in-house tests we have but as it seems, you have different usage scenarios. Would you please try the new version to see if it works as expected with your certificates and post your feedback in this thread?
Download link:
http://dl.dropbox.com/u/5392761/our%20s ... gisign.exe
Best regards,
Bogdan
Re: A1 8.8 Signing Files
The updated digisign.exe fixes the problem I was seeing.
Re: A1 8.8 Signing Files
Hi Bogdan
Sorry to but in on this thread but as it's related to this it seemed like a good place to ask.
I have just got a new digital certificate for a specific product I'm about to launch. A! 8.8.1 is installed. If I have read this post correctly would I be right in thinking that If i were to download the patch refered to above there should be no problems with using your own signing tool?
Dom
Sorry to but in on this thread but as it's related to this it seemed like a good place to ask.
I have just got a new digital certificate for a specific product I'm about to launch. A! 8.8.1 is installed. If I have read this post correctly would I be right in thinking that If i were to download the patch refered to above there should be no problems with using your own signing tool?
Dom
Re: A1 8.8 Signing Files
Hi Dom,
Yes, the tool should work correctly. However, if any problems should appear I recommend to fall back and use the tool from Microsoft's SDK, mentioned by me in this thread also.
Regards,
Bogdan
Yes, the tool should work correctly. However, if any problems should appear I recommend to fall back and use the tool from Microsoft's SDK, mentioned by me in this thread also.
Regards,
Bogdan
Re: A1 8.8 Signing Files
Hi,
Starting with Advanced Installer 8.8.2 our digital signing tool should not encounter the problems mentioned above.
Regards,
Bogdan
Starting with Advanced Installer 8.8.2 our digital signing tool should not encounter the problems mentioned above.
Regards,
Bogdan
-
findjammer
- Posts: 2
- Joined: Thu Feb 18, 2021 10:39 pm
Re: A1 8.8 Signing Files
I just hit this exact error with the built-in tool.
-
findjammer
- Posts: 2
- Joined: Thu Feb 18, 2021 10:39 pm
Re: A1 8.8 Signing Files
I didn't include all the info for my issue.
I'm trialing AI at the moment.
I have my cert installed properly. Open AI editor. Pick the cert in the drop down -> build. All works.
Check in to Git ... goes through the runner and fails saying it can't find the cert.
The machine I dev on and where I ran the build is the same machine running my GitLab runner.
I'm trialing AI at the moment.
I have my cert installed properly. Open AI editor. Pick the cert in the drop down -> build. All works.
Check in to Git ... goes through the runner and fails saying it can't find the cert.
The machine I dev on and where I ran the build is the same machine running my GitLab runner.
Re: A1 8.8 Signing Files
Hello and welcome to our forums,
Regarding the reason why GitLab runner can not find the certificate, unfortunately, since my experience with it is not so wide, I can not really say why this is happening.
Best regards,
Catalin
To be fully honest with you, this does not look to be an issue regarding Advanced Installer, since it detects the certificate and correctly signs your files.I have my cert installed properly. Open AI editor. Pick the cert in the drop down -> build. All works.
Check in to Git ... goes through the runner and fails saying it can't find the cert.
Regarding the reason why GitLab runner can not find the certificate, unfortunately, since my experience with it is not so wide, I can not really say why this is happening.
Best regards,
Catalin