Certificate error using custom sign tool for AI build


Post by kiranchauhan91 » Thu May 16, 2019 12:41 pm

Hello,

We have purchased an 'EV Code Signing' certificate which required USB token hardware. We have created a physical server where the USB token is installed. To use that server, we have created a custom utility called "SignTool". This utility is assigned as a custom SignTool in Advanced Installer. So, it is called every time a file is signed. This utility copies the file to be signed to the server where the USB token is attached, invokes the signtool command and, once the file is signed on that server, the file is copied back to the original location. That way Advanced Installer gets the signed files.

The build process works fine and I can also see the certificate applied to the MSI, CAB and EXE files. When we try to install the EXE, it gives the following error:

Error 1330. A file that is required cannot be installed because the cabinet file <Cab filename> has an invalid digital signature.  This may indicate that the cabinet file is corrupt.  Error 0 was returned by WinVerifyTrust.

I have attached a log and a screen capture of the error.

When we select the "EXE setup with resources next to it" option and sign individual files on the sign server, the installer works fine. So, it looks like custom tool support for Advanced Installer is contributing to the error. We need your expert advice on this issue.

Regards,
Kiran Chauhan


Re: Certificate error using custom sign tool for AI build

Post by Daniel » Mon May 20, 2019 1:47 pm

Hello Kiran,

I have tested and replicated the behavior when using the "Use file from disk" option from the "Digital Signatures" page and when in the "Digital Signatures" page there is a different certificate selected than the one used by your custom SignTool.exe at build time. In this case it seems we wrongly configure the MSI certification table with the certificate info selected in the "Digital Signatures" page of your setup project and thus at install time there will be a certificate info mismatch.

This seems to be an Advanced Installer limitation at the present moment, thank you for bringing this to our attention. A fix will be added in a future version of Advanced Installer. We will update this forum thread when a fix is out.

Until then, as a workaround, you should go to the "Digital Signatures" page and select the "Use from Personal certificate store" option. If you do not have any certificates in the Personal store of your current Windows user account, then you can even try to create a test one.

Hope this helped.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
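
The mismatch described in the reply above can be checked on a built package. The PowerShell below is an added example, not part of the original thread and not Advanced Installer code: it reads the certificate stored in the MSI's MsiDigitalCertificate table (the standard Windows Installer table for cabinet signer certificates) and compares it with the certificate that actually signed each external cabinet. The function names and file paths are hypothetical, and it assumes Get-AuthenticodeSignature can read the cabinet signatures.

```powershell
# Added example. Function names and file names are placeholders.
function Invoke-ComMember {
    # WindowsInstaller.Installer has to be driven through late binding.
    param($Object, [string]$Name,
          [System.Reflection.BindingFlags]$Kind = 'InvokeMethod',
          [object[]]$Arguments)
    $Object.GetType().InvokeMember($Name, $Kind, $null, $Object, $Arguments)
}

function Get-MsiTableCertificate {
    param([Parameter(Mandatory)][string]$MsiPath)
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $full = (Resolve-Path -LiteralPath $MsiPath).Path
    $db = Invoke-ComMember $installer OpenDatabase -Arguments $full, 0  # 0 = read-only
    try {
        $view = Invoke-ComMember $db OpenView -Arguments `
            'SELECT DigitalCertificate, CertData FROM MsiDigitalCertificate'
    } catch { return }  # table absent: no cabinet certificate is recorded
    Invoke-ComMember $view Execute | Out-Null
    while ($rec = Invoke-ComMember $view Fetch) {
        $size = Invoke-ComMember $rec DataSize GetProperty -Arguments 2
        # Format 1 (msiReadStreamBytes) returns one byte per character.
        $raw   = Invoke-ComMember $rec ReadStream -Arguments 2, $size, 1
        $bytes = [System.Text.Encoding]::GetEncoding(28591).GetBytes($raw)
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (, $bytes)
        [pscustomobject]@{
            Key        = Invoke-ComMember $rec StringData GetProperty -Arguments 1
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
        }
    }
}

function Test-MsiCabinetSigner {
    param([Parameter(Mandatory)][string]$MsiPath,
          [Parameter(Mandatory)][string[]]$CabinetPath)
    $expected = @(Get-MsiTableCertificate -MsiPath $MsiPath)
    foreach ($cab in $CabinetPath) {
        $sig    = Get-AuthenticodeSignature -FilePath $cab
        $actual = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint }
        [pscustomobject]@{
            Cabinet          = Split-Path $cab -Leaf
            Status           = $sig.Status
            SignerThumbprint = $actual
            # False here is the table/signer mismatch behind error 1330.
            MatchesMsiTable  = $expected.Thumbprint -contains $actual
        }
    }
}
# Test-MsiCabinetSigner -MsiPath .\Setup.msi -CabinetPath (Get-ChildItem .\*.cab).FullName
```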


Re: Certificate error using custom sign tool for AI build

Post by kiranchauhan91 » Tue May 21, 2019 9:36 am

Hi Daniel,

I selected the "Use a certificate from a system store" option and am trying to select a certificate. I have installed the certificate in the Personal store but it does not show any certificate to choose from (see attached image). Does a cert need to be stored at a particular location so that AI can pick it up?

Regards,
Kiran


Re: Certificate error using custom sign tool for AI build

Post by Daniel » Tue May 21, 2019 11:57 am

Hello Kiran,

This could happen if you have installed the certificate into the Personal store of your Local Machine store. Please note it should be installed under the current user account store (the Advanced Installer application searches for certificates only under the store of the user account the application is currently running under).

So, could you please follow these steps:

1. press [Windows] + [R] keys, type certmgr.msc and press enter
2. import your certificate under the "Personal" store of the certificates manager window
3. open your setup project in the Advanced Installer application and test again the above setting in "Digital Signatures" page

Let us know if this still doesn't work.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
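
To see which Personal store a certificate actually landed in, the PowerShell below looks it up in both the current user's store and the local machine's store. It is an added example, not part of the original thread and not Advanced Installer code; the function name is hypothetical and the thumbprint is a placeholder for your own certificate's thumbprint.

```powershell
# Added example. Reports whether a certificate is in the Personal ("My")
# store of the current user, of the local machine, or both.
function Find-PersonalStoreCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Thumbprints copied from the certificate dialog often carry spaces.
    $wanted  = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    # CurrentUser means the account running this session, so run this as
    # the same account that runs the build tool.
    $account = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    foreach ($location in 'CurrentUser', 'LocalMachine') {
        $cert = Get-ChildItem -Path "Cert:\$location\My" |
            Where-Object { $_.Thumbprint -eq $wanted } |
            Select-Object -First 1
        $eku  = if ($cert) { $cert.Extensions | Where-Object { $_ -is $ekuType } }
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        [pscustomobject]@{
            Store         = "$location\My"
            Account       = if ($location -eq 'CurrentUser') { $account } else { 'machine-wide' }
            Found         = [bool]$cert
            Subject       = $cert.Subject
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            # 1.3.6.1.5.5.7.3.3 is the Code Signing enhanced key usage.
            CodeSigning   = $oids -contains '1.3.6.1.5.5.7.3.3'
        }
    }
}
# Find-PersonalStoreCertificate -Thumbprint '<thumbprint of your certificate>'
```

A row with Found = True only for LocalMachine\My is the situation described in the reply above.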


Re: Certificate error using custom sign tool for AI build

Post by kiranchauhan91 » Tue Jun 04, 2019 10:11 am

Hi Daniel,

I have tried the steps but still no luck. I have sent you an email. Can you have a look and suggest troubleshooting steps?

Regards,
Kiran Chauhan


Re: Certificate error using custom sign tool for AI build

Post by Daniel » Tue Jun 04, 2019 12:38 pm

Hello Kiran,

I have sent you a debug version of Advanced Installer by email so we can try logging more details on your side.

All the best,
Daniel
Daniel Radu - Advanced Installer Team


Re: Certificate error using custom sign tool for AI build

Post by kiranchauhan91 » Tue Jun 04, 2019 1:40 pm

Hi Daniel,

I have emailed you the log files.

Regards,
Kiran Chauhan


Re: Certificate error using custom sign tool for AI build

Post by Catalin » Tue Jul 09, 2019 11:55 am

Hello Kiran,

This was fixed in version 16.1 of Advanced Installer, released on July 2nd, 2019.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team