> The wix schema seems to have support for digitally signing packages - > the DigitalCertificate element, the DigitalCertificateRef element - > but I can't see how they're meant to be used. > > Presumably light has to have access to the certificate's private key > at some point, and it isn't clear to me from the docs how it gets > this. It also isn't clear what format the certificate's SourceFile > has to be in.
I don't think that the DigitalCertificate element is used to sign MSIs, it's for installing certificates for web sites (I'm not sure since I don't use it). You sign your MSI after it's been created using either SIGNTOOL.EXE, PowerShell's Set-AuthenticodeSignature cmdlet or MSBuild's SignFile task. > > Is there a list somewhere of what CAs Microsoft trusts to issue code- > signing certs? We're willing to pay the Verisign "tax", but would be > happier paying someone else for a cert as long as it is trusted > identically... We bought ours from Thawte and haven't had any problems. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users