[Solved] Error signing application

[mdsystems]

Hi,

Previously I have been able to sign my applications using digisign.exe but following an update to my certificate, signing no longer works. I am definitely using the correct password to access the private key but keep seeing the following error:

Code: Select all

Checking builds status
Build required.

[ DefaultBuild ]
Importing digital certificate
Building package: G:\Project\Current\Installer\Test Setup\TestApplicationInstaller.msi
Prepare build
Preparing files
The digital signing of the ProgramFilesFolder\MDS\Test\Four04.exe file failed. Error message: 'digisign.exe error. System error code: 2148073488. Error message: Access denied.

digisign.exe sign /f G:\Project\CodeCert2020.pfx /p *************** /d Test /fd SHA256 /tr http://timestamp.digicert.com /td sha256 '
Error details
 
Build finished because an error was encountered.

I have modified some of the paths and the password for security and privacy reasons.

The exe being signed can be read and modified and the certificate itself was generated by first importing a P12 certificate into the local store and then exporting it as a PFX.

[mdsystems]

Changing the options to use signtool.exe allows me to sign the application and installer, so it would appear to be an issue with the supplied digisign.exe application.

[Daniel]

Hello and welcome to our forums,

Instead of using our digisign.exe tool to sign the setup files, can you please configure Advanced Installer to use the Microsoft's SignTool.exe tool?

Just install the Windows SDK and then open Advanced Installer and go to "File" menu -> "Settings" -> "External Tools" menu. Then in the "Tools" dialog please check the "Use an external tool" option, under "Digital Signatures" section, and make sure a path to SignTool.exe is specified.

Then just rebuild and test again the build operation. If the build operation still fails, then for testing purposes only, just disable the signing option from "Digital Signature" page of your project, build the setup project and them try to sign manually the built setup with your certificate. To manually sign the setup you can just launch (i.e. from cmd.exe) SignTool with a signing command line.

All the best,
Daniel

[Daniel]

Thank you for your follow up on this. I'm glad you got the signing operation working by using SignTool.exe.

I can confirm you that our digisign.exe tool is now deprecated (due to some limitations it has) and the recommended settings are to configure Advanced Installer to use SignTool.exe for signing operation.

Just let us know if there is anything else we can assist you with.

All the best,
Daniel

[mdsystems]

Thanks for the suggestion and comment. I have updated the relevant projects.

[Daniel]

You are always welcome.

All the best,
Daniel