Drop down for certificate store is now empty
I noticed this issue after 7.0 upgrade.
I updated today to 7.1.1
Still the certificate store is empty in this drop down. in 6.9 the drop down showed the many certs that appear in windows as well as my own cert.
I read through the thread on the windows kb but this does not seem to affect the cert store drop down list in AI
My cert appears in the digital store in Windows list of certs
We can manually test the sign tool outside if AI and it does seem to work.
The certificate with private key is located in the Local Computer store (not User)
Is this a bug we have to wait for a fix, or is there a workaround?
Any help appreciated.
Thanks!
Zapp
Suggested Articles
-
zappbrannigan
- Posts: 16
- Joined: Tue Jan 21, 2020 5:15 pm
Drop down for certificate store is now empty
- Attachments
-
- ai manual dig sign.png (434.65 KiB) Viewed 4715 times
-
- AICertstoreempty.png (16.15 KiB) Viewed 4715 times
Re: Drop down for certificate store is now empty
Hello Zapp,
This might be happening if your test certificate has a valability > 5 years.
We have recently added this improvement - to no longer display certificates with a valability > 5 years - in order to reduce the "noise" certificates (basically to make the list more compact).
In order to check the valability of a certificate you can open "certmgr.msc" --> the certificate store where your certificate is installed --> right click on your certificate --> "Open" --> "General" tab --> "Valid from" field.
In order to avoid this, you can create a new test certificate that will have the valability < 5 years (e.g. created now and expiring in 2024).
Hope this helps.
Best regards,
Catalin
This might be happening if your test certificate has a valability > 5 years.
We have recently added this improvement - to no longer display certificates with a valability > 5 years - in order to reduce the "noise" certificates (basically to make the list more compact).
In order to check the valability of a certificate you can open "certmgr.msc" --> the certificate store where your certificate is installed --> right click on your certificate --> "Open" --> "General" tab --> "Valid from" field.
In order to avoid this, you can create a new test certificate that will have the valability < 5 years (e.g. created now and expiring in 2024).
Hope this helps.
Best regards,
Catalin
-
zappbrannigan
- Posts: 16
- Joined: Tue Jan 21, 2020 5:15 pm
Re: Drop down for certificate store is now empty
Thanks that really helped.
I do see it in drop down list now. However I get a build error. As above the cert works outside of AI 7.1.1.
Ideas?
Using an Enterprise Trust cert. Moved from personal cert as those didn't show up in AI.
The digital signing of the external cabinets failed. Error message: 'Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-1073741823/0xc0000001)
SignTool Error: An unexpected internal error has occurred.
File "C:\Users\ward\Documents\Advanced Installer\Projects\PagesNetwork\PagesNetwork-cache\part8\PagesNetwork1.cab" can not be signed!
For a possible solution please check our Digital Signature FAQ from:
https://www.advancedinstaller.com/user- ... ature.html '
Advanced Installer 17.1.1 build f76db1ce
*** Stack Trace (x86) ***
[0x76922552] RaiseException()
[0x02562aba] -----
[0x01619dfd] -----
[0x0161963c] -----
[0x0155c4c0] -----
[0x015644d7] -----
[0x01440b65] -----
[0x01559ed0] -----
[0x01255bc1] -----
[0x01255bc9] -----
[0x01157094] -----
[0x0115f62e] -----
[0x01d52270] -----
[0x01137f61] -----
[0x77b066dd] RtlGetAppContainerNamedObjectPath()
[0x77b066ad] RtlGetAppContainerNamedObjectPath()
[0x00d60000] MODULE_BASE_ADDRESS
I do see it in drop down list now. However I get a build error. As above the cert works outside of AI 7.1.1.
Ideas?
Using an Enterprise Trust cert. Moved from personal cert as those didn't show up in AI.
The digital signing of the external cabinets failed. Error message: 'Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-1073741823/0xc0000001)
SignTool Error: An unexpected internal error has occurred.
File "C:\Users\ward\Documents\Advanced Installer\Projects\PagesNetwork\PagesNetwork-cache\part8\PagesNetwork1.cab" can not be signed!
For a possible solution please check our Digital Signature FAQ from:
https://www.advancedinstaller.com/user- ... ature.html '
Advanced Installer 17.1.1 build f76db1ce
*** Stack Trace (x86) ***
[0x76922552] RaiseException()
[0x02562aba] -----
[0x01619dfd] -----
[0x0161963c] -----
[0x0155c4c0] -----
[0x015644d7] -----
[0x01440b65] -----
[0x01559ed0] -----
[0x01255bc1] -----
[0x01255bc9] -----
[0x01157094] -----
[0x0115f62e] -----
[0x01d52270] -----
[0x01137f61] -----
[0x77b066dd] RtlGetAppContainerNamedObjectPath()
[0x77b066ad] RtlGetAppContainerNamedObjectPath()
[0x00d60000] MODULE_BASE_ADDRESS
Re: Drop down for certificate store is now empty
Hello Zapp,
In what regards the received error, I have tried to test this scenario on my machine and everything worked as expected.
I have manually created a test certificate and then I have installed it in the "Enterprise Trust" root.
After doing so, I have built a new MSI using the test certificate and everything worked as expected:
In order for me to further investigate this, could you please forward me a copy of your test certificate by e-mail at support at advancedinstaller dot com? I would like to test this on my end and see if I can reproduce the behavior.
Additionally, could you please let me know if you followed another approach when creating your test certificate? Maybe I have missed something in my scenario.
Also, could you please let me know how have you installed the certificate - "per-user" or "per-machine"?
Looking forward to hearing from you.
Best regards,
Catalin
You are always welcome!Thanks that really helped.
In what regards the received error, I have tried to test this scenario on my machine and everything worked as expected.
I have manually created a test certificate and then I have installed it in the "Enterprise Trust" root.
- TestCertCreation.png (39.47 KiB) Viewed 4643 times
- TestCertInstalled.png (175.82 KiB) Viewed 4643 times
After doing so, I have built a new MSI using the test certificate and everything worked as expected:
- Build.png (91.35 KiB) Viewed 4643 times
In order for me to further investigate this, could you please forward me a copy of your test certificate by e-mail at support at advancedinstaller dot com? I would like to test this on my end and see if I can reproduce the behavior.
Additionally, could you please let me know if you followed another approach when creating your test certificate? Maybe I have missed something in my scenario.
Also, could you please let me know how have you installed the certificate - "per-user" or "per-machine"?
Looking forward to hearing from you.
Best regards,
Catalin
-
zappbrannigan
- Posts: 16
- Joined: Tue Jan 21, 2020 5:15 pm
Re: Drop down for certificate store is now empty
Our cert is currently located in the local computer certificate store. The public certificate is linked to a HSM which holds the private key.
We launch AI as an admin and user building is an admin.
I built a new test project exe and it comes with below error:
The digital signing of the external cabinets failed. Error message: 'Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-1073741823/0xc0000001)
SignTool Error: An unexpected internal error has occurred.
File "C:\Users\choward\Documents\Advanced Installer\Projects\PagesNetwork\testdigsig-cache\part2\testdigsig1.cab" can not be signed!
For a possible solution please check our Digital Signature FAQ from:
https://www.advancedinstaller.com/user- ... ature.html
Cab file "C:\Users\choward\Documents\Advanced Installer\Projects\PagesNetwork\testdigsig-cache\part2\testdigsig1.cab" is too small to be signed'
Advanced Installer 17.1.1 build f76db1ce
*** Stack Trace (x86) ***
[0x76922552] RaiseException()
[0x01ae2aba] -----
[0x00b99dfd] -----
[0x00b9963c] -----
[0x00adc4c0] -----
[0x00ae44d7] -----
[0x009c0b65] -----
[0x00ad9ed0] -----
[0x00989680] -----
[0x007d5bc1] -----
[0x007d5bc9] -----
[0x006d7094] -----
[0x006df62e] -----
[0x012d2270] -----
[0x006b7f61] -----
[0x77b066dd] RtlGetAppContainerNamedObjectPath()
[0x77b066ad] RtlGetAppContainerNamedObjectPath()
[0x002e0000] MODULE_BASE_ADDRESS
We launch AI as an admin and user building is an admin.
I built a new test project exe and it comes with below error:
The digital signing of the external cabinets failed. Error message: 'Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-1073741823/0xc0000001)
SignTool Error: An unexpected internal error has occurred.
File "C:\Users\choward\Documents\Advanced Installer\Projects\PagesNetwork\testdigsig-cache\part2\testdigsig1.cab" can not be signed!
For a possible solution please check our Digital Signature FAQ from:
https://www.advancedinstaller.com/user- ... ature.html
Cab file "C:\Users\choward\Documents\Advanced Installer\Projects\PagesNetwork\testdigsig-cache\part2\testdigsig1.cab" is too small to be signed'
Advanced Installer 17.1.1 build f76db1ce
*** Stack Trace (x86) ***
[0x76922552] RaiseException()
[0x01ae2aba] -----
[0x00b99dfd] -----
[0x00b9963c] -----
[0x00adc4c0] -----
[0x00ae44d7] -----
[0x009c0b65] -----
[0x00ad9ed0] -----
[0x00989680] -----
[0x007d5bc1] -----
[0x007d5bc9] -----
[0x006d7094] -----
[0x006df62e] -----
[0x012d2270] -----
[0x006b7f61] -----
[0x77b066dd] RtlGetAppContainerNamedObjectPath()
[0x77b066ad] RtlGetAppContainerNamedObjectPath()
[0x002e0000] MODULE_BASE_ADDRESS
Re: Drop down for certificate store is now empty
Hello Zapp,
First of all, I apologize for the delayed reply.
Thank you for the information provided so far.
I have done some further testing and I was indeed able to replicate the behavior.
Please give us some more time to further investigate this and as soon as I will reach a conclusion, I will let you know.
Best regards,
Catalin
First of all, I apologize for the delayed reply.
Thank you for the information provided so far.
I have done some further testing and I was indeed able to replicate the behavior.
Please give us some more time to further investigate this and as soon as I will reach a conclusion, I will let you know.
Best regards,
Catalin
Re: Drop down for certificate store is now empty
Hello Zapp,
As a followup to my last thread.
I have further investigated this and it looks like I was able to isolate this behavior.
Since this is a testing scenario for you as well, you might be in the same case. So, here are the steps that I took in order to reproduce this:
- create a new test certificate and install it under "Local Machine" --> "Enterprise Trust"
- launch Advanced Installer elevated
- create a new project
- "Builds" page --> "Exe setup with resources next to it"
- add an empty .txt file in the "Files and Folders" page --> "Application Folder"
- "Digital Signature" page --> "Enable Signing" --> from the dropdown, choose the earlier installed certificate
- build the project
When I'm doing so, I am indeed able to replicate the bahvior.
After some more testing, I've noticed that this only happens when the file added in the .CAB is empty (0 KB). If, for instance, you edit the .txt file and add a single letter in it => the size will now be ~1KB --> the error no longer reproduces.
Could you please let me know if your scenario is the same as mine?
Fortunately, this error should not be reproducible in other scenarios than test scenarios (it should not be reproducible in production).
Anyway, I will forward this to the development team and hopefully this will be fixed in a future version of Advanced Installer.
Best regards,
Catalin
As a followup to my last thread.
I have further investigated this and it looks like I was able to isolate this behavior.
Since this is a testing scenario for you as well, you might be in the same case. So, here are the steps that I took in order to reproduce this:
- create a new test certificate and install it under "Local Machine" --> "Enterprise Trust"
- launch Advanced Installer elevated
- create a new project
- "Builds" page --> "Exe setup with resources next to it"
- add an empty .txt file in the "Files and Folders" page --> "Application Folder"
- "Digital Signature" page --> "Enable Signing" --> from the dropdown, choose the earlier installed certificate
- build the project
When I'm doing so, I am indeed able to replicate the bahvior.
After some more testing, I've noticed that this only happens when the file added in the .CAB is empty (0 KB). If, for instance, you edit the .txt file and add a single letter in it => the size will now be ~1KB --> the error no longer reproduces.
Could you please let me know if your scenario is the same as mine?
Fortunately, this error should not be reproducible in other scenarios than test scenarios (it should not be reproducible in production).
Anyway, I will forward this to the development team and hopefully this will be fixed in a future version of Advanced Installer.
Best regards,
Catalin