Hello Catalin,
Yes, the signtool does not have it but as you can see in my previous comment the command I was talking about uses Digicert smctl
smctl sign --fingerprint <certificate fingerprint> --input <path to unsigned file or folder>
And that command is working outside the Advanced installer.
Thank you.
Suggested Articles
Re: issues with advanced installer and DigiCert signing via azure. pipelines
Hello,
If possible, could you please give me some more details about what error you're encountering when signing with the same command line from Advanced Installer?
Would be awesome if you could provide 2 screenshots, one of the "Digital Signature" page where your command line resides and one of the build error.
Best regards,
Catalin
If possible, could you please give me some more details about what error you're encountering when signing with the same command line from Advanced Installer?
Would be awesome if you could provide 2 screenshots, one of the "Digital Signature" page where your command line resides and one of the build error.
Best regards,
Catalin
Re: issues with advanced installer and DigiCert signing via azure. pipelines
I just wanted to let people now that we got a similar error message and through debugging and using the signtool.exe, instead of smctl, with debugging info we discovered that we exceeded our maximum of signatures:
Max Signatures consumed for the keypair xxxxxxxxxxxxxxx
We are working with Digicert to resolve this. I'm curious whether this is caused by Advanced Installer calling signing of each executable and dll separately instead of in a single call. which can amount to a lot of signings in a single project/installer build.
Max Signatures consumed for the keypair xxxxxxxxxxxxxxx
We are working with Digicert to resolve this. I'm curious whether this is caused by Advanced Installer calling signing of each executable and dll separately instead of in a single call. which can amount to a lot of signings in a single project/installer build.
Re: issues with advanced installer and DigiCert signing via azure. pipelines
Hello Bjorn,
Thank you for your followup on this and for sharing the details with us - I am sure these will be of help for further users facing a similar scenario.
If that is indeed the reason, I might be able to present this to our dev team to see whether we can make an improvement regarding this - I am thinking that perhaps we have gone this way because signtool does not allow signing multiple files at once (or does it? I will have to further investigate this as well).
Best regards,
Catalin
Thank you for your followup on this and for sharing the details with us - I am sure these will be of help for further users facing a similar scenario.
This might indeed be a possible cause for this issue. However, this is quite interesting as I wasn't aware of any limitations when it comes to the number of files you can sign. Please keep us posted with more details from the DigiCert teams.We are working with Digicert to resolve this. I'm curious whether this is caused by Advanced Installer calling signing of each executable and dll separately instead of in a single call. which can amount to a lot of signings in a single project/installer build.
If that is indeed the reason, I might be able to present this to our dev team to see whether we can make an improvement regarding this - I am thinking that perhaps we have gone this way because signtool does not allow signing multiple files at once (or does it? I will have to further investigate this as well).
Best regards,
Catalin