[wix-users] DetectCondition for MsuPackage for KB3033929
Rob Mensching
rob at firegiant.com
Thu Sep 15 13:23:40 PDT 2016
I highly recommend DigiCert (https://www.digicert.com/). They support SHA1 for this very reason and reissues are free.
In fact, I just had to go through the process to reissue for a SHA1 to dual-sign FireGiant's newly launched WiX Expansion Pack (https://www.firegiant.com/products/wix-expansion-pack/).
If you want 25% off your order, send me a direct email and I'll send you a referral (I don't care about the Amazon gift card they send, if 25% off is what it takes to get you to a better certificate provider <smile/>).
_____________________________________________________________
Short replies here. Complete answers over there: http://www.firegiant.com/
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Phill Hogland
Sent: Thursday, September 15, 2016 1:10 PM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] DetectCondition for MsuPackage for KB3033929
We ship SHA2 signed packages, as we no longer have a SHA1 and the vendor would not renew it prior to it expiring. I believe that there may be issues with using the SHA1 after 1/2017.
We have many Win7 "isolated" network users, and we often have users who report installing KB3033929 but still cannot run a setup that is SHA2 signed. Sometimes they can resolve it by also updating their root certificates. Other times they cannot find any solution. Recently users have reported resolving this problem by installing either NetFx452 or NetFx461 (even if they already have NetFx45 which is the minimum we require). I have not tried to integrate the msu into my bundles because of the inconsistency in resolving the issue. We referrer users to Microsoft Support, but it has been a real pain because of the prior releases related to KB3033929 which broke certain systems.
________________________________
From: wix-users <wix-users-bounces at lists.wixtoolset.org> on behalf of Tyler Gustafson <tgustafson at solacom.com>
Sent: Thursday, September 15, 2016 12:40:19 PM
To: WiX Toolset Users Mailing List
Subject: Re: [wix-users] DetectCondition for MsuPackage for KB3033929
Ouch, sorry to hear that.
Personally I would document the problem away at this point or possibly look for another way to get the SHA-1 certificate back instead of having my installer tell the customer they need Windows Updates.
If you really want to go that route I'm not any more helpful than Google on this topic but maybe someone else on here has more experience with WiX and .msu
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Mridul Pentapalli
Sent: September-15-16 11:42 AM
To: WiX Toolset Users Mailing List
Subject: Re: [wix-users] DetectCondition for MsuPackage for KB3033929
That is true, until you find that your SHA-1 certificate expired last week and that your certificate provider no longer provides SHA-1 certificates any more. We were dual signing our drivers until last week.
Mridul.
More information about the wix-users
mailing list