The DigitalCertificate element is for: a) validating signatures on external cabinets (presumably built separately with makecab);
b) (MSI 3.0 and later) indicating the set of certificates which are allowed to sign patches that can be installed on a per-machine installation by non-privileged users (e.g. in UAC scenarios on Windows Vista, or as Standard User on Windows XP). For a) you create a DigitalCertificate (or DigitalCertificateRef) element under the appropriate Media element; for b) you list it under the PatchCertificates element. The Certificate element is for installing a certificate to one of the user or machine stores on the computer. In WiX 3.0 this is part of the IIS schema (predominantly used for installing server SSL certificates) but can be used even if you're not installing a website, for example you might want to install a self-signed corporate root certificate if you don't want to pay the signing tax for intranet servers ;) I don't think WiX has direct support for signing MSI files for the Attachment Security dialogs introduced in Windows XP SP2. Feel free to suggest it on the SourceForge suggestion tracker, if not already there ;) -- Mike Dimmick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ridd Sent: 09 October 2007 08:10 To: wix-users@lists.sourceforge.net Subject: [WiX-users] Digitally signing packages The wix schema seems to have support for digitally signing packages - the DigitalCertificate element, the DigitalCertificateRef element - but I can't see how they're meant to be used. Presumably light has to have access to the certificate's private key at some point, and it isn't clear to me from the docs how it gets this. It also isn't clear what format the certificate's SourceFile has to be in. Is there a list somewhere of what CAs Microsoft trusts to issue code- signing certs? We're willing to pay the Verisign "tax", but would be happier paying someone else for a cert as long as it is trusted identically... Cheers, Chris ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
