zak
Posts: 5
Joined: Mon Jan 15, 2024 8:26 am

Re: issues with advanced installer and DigiCert signing via azure. pipelines

Hello Catalin,

Yes, the signtool does not have it but as you can see in my previous comment the command I was talking about uses Digicert smctl

smctl sign --fingerprint <certificate fingerprint> --input <path to unsigned file or folder>

And that command is working outside the Advanced installer.

Thank you.
Catalin
Posts: 6736
Joined: Wed Jun 13, 2018 7:49 am

Re: issues with advanced installer and DigiCert signing via azure. pipelines

Hello,

If possible, could you please give me some more details about what error you're encountering when signing with the same command line from Advanced Installer?

Would be awesome if you could provide 2 screenshots, one of the "Digital Signature" page where your command line resides and one of the build error.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
bkuiper
Posts: 5
Joined: Tue Nov 08, 2022 10:44 am

Re: issues with advanced installer and DigiCert signing via azure. pipelines

I just wanted to let people now that we got a similar error message and through debugging and using the signtool.exe, instead of smctl, with debugging info we discovered that we exceeded our maximum of signatures:

Max Signatures consumed for the keypair xxxxxxxxxxxxxxx

We are working with Digicert to resolve this. I'm curious whether this is caused by Advanced Installer calling signing of each executable and dll separately instead of in a single call. which can amount to a lot of signings in a single project/installer build.
Catalin
Posts: 6736
Joined: Wed Jun 13, 2018 7:49 am

Re: issues with advanced installer and DigiCert signing via azure. pipelines

Hello Bjorn,

Thank you for your followup on this and for sharing the details with us - I am sure these will be of help for further users facing a similar scenario.
We are working with Digicert to resolve this. I'm curious whether this is caused by Advanced Installer calling signing of each executable and dll separately instead of in a single call. which can amount to a lot of signings in a single project/installer build.
This might indeed be a possible cause for this issue. However, this is quite interesting as I wasn't aware of any limitations when it comes to the number of files you can sign. Please keep us posted with more details from the DigiCert teams.

If that is indeed the reason, I might be able to present this to our dev team to see whether we can make an improvement regarding this - I am thinking that perhaps we have gone this way because signtool does not allow signing multiple files at once (or does it? I will have to further investigate this as well).

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Building Installers”