I've tried a couple of other things here, but with no luck yet. Signing with the sha1 hash from the store had no effect (which I sort of expected). I checked the certificates again though, and I noticed something strange. The .cer file that I'm including in the msi has exactly the same properties as the certificate that's attached to the msi and msp files after running signtool, but the cert on the msi and msp has a new field in the Details tab for Extended Error Information (Revocation Status : OK. Effective Date <Wednesday, July 01, 2009 9:18:18 AM> Next Update <Wednesday, July 08, 2009 9:38:18 PM>) (Right click on the MSI, go to the Digital Signatures tab, and then view the certificate). This appears to have been added by the signing tool. I tried exporting this certificate from the file as another .cer, but then this field was missing, so something strange is going on here.
This might be a dead end, but right now it's the only thing I can see that's different between the two certs. Does anyone have any other ideas why I'm getting this msi error: MSI (c) (24:FC) [15:23:03:419]: Certificate of signed file 'C:\Users\STANDA~1\AppData\Local\Temp\13f7987.msp' differs in size with the certificate authored in the package -----Original Message----- From: Chris Bardon [mailto:cbar...@computer-talk.com] Sent: Thursday, July 02, 2009 5:48 PM To: General discussion for Windows Installer XML toolset. Subject: Re: [WiX-users] Patching a product without elevation I used a CA on windows server 03 to create a code signing certificate (through the web enrollment tool), installed the cert to my dev machine's store, then exported from the store twice. Once to generate the PFX I used for signing, and then once for the .cer file I included in the msi. ________________________________________ From: Rafael Rivera [raf...@withinwindows.com] Sent: Thursday, July 02, 2009 4:03 PM To: General discussion for Windows Installer XML toolset. Subject: Re: [WiX-users] Patching a product without elevation MSI (c) (24:FC) [15:23:03:419]: Certificate of signed file 'C:\Users\STANDA~1\AppData\Local\Temp\13f7987.msp' differs in size with the certificate authored in the package How did you generate your .cer? - Rafael Chris Bardon wrote: > I did run signtool against the packages, with the command lines in the first > part of the post. > > I also forgot to point out a couple of other changes to the demo code. I > changed the installer version to 300, and I set ALLUSERS to 1 to make sure > that I installed per-machine to start with. > > Something strange that I noticed in the patch log: > > [snipped] > > > -----Original Message----- > From: Rafael Rivera [mailto:raf...@withinwindows.com] > Sent: Thursday, July 02, 2009 3:17 PM > To: General discussion for Windows Installer XML toolset. > Subject: Re: [WiX-users] Patching a product without elevation > > Chris, > > Those elements appear to simply identify what certificate should be > given the green light for patching. I believe you still need to > digitally sign the resulting MSI using signtool.exe. > > - Rafael > > Chris Bardon wrote: > >> My goal for getting patching to work is to be able to deploy an application >> that can be patched by a non-admin user, but I'm running into a problem. >> I've created the patching sample in the documentation, and the patch works >> when it's elevated, but whether or not it's signed, the patch is still >> prompting for elevation. I'm signing both the patch and the original MSI >> with this command lines: >> >> signtool.exe sign /f signcert.pfx /p 288 /d "Patch Test application!" >> product.msi >> signtool.exe sign /f signcert.pfx /p 288 /d "Patch Test application!" >> patch.msp >> >> I've also modified the product msi from the example so that it includes this >> markup: >> >> <PatchCertificates> >> <DigitalCertificate SourceFile="signcert.cer" Id="signcert"/> >> </PatchCertificates> >> >> If I look at the properties of the files, both of them have a digital >> signature from the same certificate, and both are identified as valid. When >> I run the patch as a non-administrator though, I get an elevation prompt >> asking to install from an unknown publisher-the original installer correctly >> identified my certificate. Is there something else I'm missing? I saw the >> article in MSDN here >> (http://msdn.microsoft.com/en-us/library/aa372388%28VS.85%29.aspx), which >> pointed me to the MsiPatchCcertificate table and the PatchCertificates >> element. I've tried adding the cert both as the pfx file and as a base-64 >> encoded cer with the same effect. Is there something else that I'm missing >> here? Why is the patch still reporting itself as an unknown publisher? >> >> Thanks for the help everyone, >> >> Chris >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> WiX-users mailing list >> WiX-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wix-users >> >> > > > ------------------------------------------------------------------------------ > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > ------------------------------------------------------------------------------ > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > ------------------------------------------------------------------------------ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
