[wix-users] Custom Action DLL digitally signed with SHA2 throws 1723 and 1157 error in Windows 7 and 8 environments
Rob Mensching
rob at firegiant.com
Mon Dec 5 08:58:32 PST 2016
Dual signing is definitely a good idea (what Darren said). After that, ensure machine is up to date (what Phil said).
_____________________________________________________________
Short replies here. Complete answers over there: http://www.firegiant.com/
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Phill Hogland
Sent: Monday, December 5, 2016 7:16 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Custom Action DLL digitally signed with SHA2 throws 1723 and 1157 error in Windows 7 and 8 environments
When I have seen this issue, generally on Windows 7 on an isolated network or not fully updated, we ask the user to a) apply the Microsoft updates related to adding SHA2 support to the OS, and b) update their root certificates. This has been a messy situation in part due to different versions of the Microsoft updates which were released and yet which did not work. So some users report that they are "up to date" yet their OS still does not support SHA2 and the errors are observed. However we have found that even when applying the suggested Microsoft updates does not work, if they apply the latest .Net update (4.5.2 or 4.6.1) that seems to resolve the problem, and then they can use our SHA2 bundles/setup packages.
I do not have a dual signing certificate so I can't comment on that approach, except that the core problem, as I understand it, is that Win 7 did not originally support SHA2 and it needs to be updated to achieve that functional support.
More information about the wix-users
mailing list