[wix-users] Unknown publisher UAC in Windows 7 only
Steve De George
stevedegeorge at pivotalz.com
Wed Sep 6 10:10:36 PDT 2017
Win 7 machine is connected to the internet and is at least SP1. It is a test machine and has not been used in a few months so I am updating it now.
On the Windows 7 machine the Bundle shows dual signed certs in the 'Digital signatures' tab: SHA256 and SHA1
I use this powershell (run from TeamCity) script to sign everything. The MSI is signed in a different step and I checked and it's 'Digital signatures' tab shows SHA256
rem # --- extract the burn engine
"%env.wix%bin\insignia.exe" -ib "%system.teamcity.build.checkoutDir%\i2x.net\MSI Setups\i2x Bootstrapper\bin\release\%env.output_file_name% Setup v%env.PATCH_TC_i2xVer%-%build.number%.exe" -o "%system.teamcity.build.checkoutDir%\i2x.net\MSI Setups\i2x Bootstrapper\bin\release\engine.exe"
rem # --- sign it
signtool.exe sign /f "%system.teamcity.build.checkoutDir%\NGS Code Signing Cert 2015.pfx" /p password /fd sha1 /t http://timestamp.comodoca.com /d "i2x for Quickbooks" /du "http://www.nextgensoftware.com" "%system.teamcity.build.checkoutDir%\i2x.net\MSI Setups\i2x Bootstrapper\bin\release\engine.exe"
signtool.exe sign /f "%system.teamcity.build.checkoutDir%\NGS Code Signing Cert 2015.pfx" /p password /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 /as /d "i2x for Quickbooks" /du "http://www.nextgensoftware.com" "%system.teamcity.build.checkoutDir%\i2x.net\MSI Setups\i2x Bootstrapper\bin\release\engine.exe"
rem # --- put it back into the bundle
"%env.wix%bin\insignia" -ab "%system.teamcity.build.checkoutDir%\i2x.net\MSI Setups\i2x Bootstrapper\bin\release\engine.exe" "%system.teamcity.build.checkoutDir%\i2x.net\MSI Setups\i2x Bootstrapper\bin\release\%env.output_file_name% Setup v%env.PATCH_TC_i2xVer%-%build.number%.exe" -o "%system.teamcity.build.checkoutDir%\i2x.net\MSI Setups\i2x Bootstrapper\bin\release\%env.output_file_name% Setup v%env.PATCH_TC_i2xVer%-%build.number%.exe"
rem # --- sign the bundle
signtool.exe sign /f "%system.teamcity.build.checkoutDir%\NGS Code Signing Cert 2015.pfx" /p password /fd sha1 /t http://timestamp.comodoca.com /d "i2x for Quickbooks" /du "http://www.nextgensoftware.com" "%system.teamcity.build.checkoutDir%\i2x.net\MSI Setups\i2x Bootstrapper\bin\release\%env.output_file_name% Setup v%env.PATCH_TC_i2xVer%-%build.number%.exe"
signtool.exe sign /f "%system.teamcity.build.checkoutDir%\NGS Code Signing Cert 2015.pfx" /p password /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 /as /d "i2x for Quickbooks" /du "http://www.nextgensoftware.com" "%system.teamcity.build.checkoutDir%\i2x.net\MSI Setups\i2x Bootstrapper\bin\release\%env.output_file_name% Setup v%env.PATCH_TC_i2xVer%-%build.number%.exe"
Steve De George - Pivotal Z / NextGen Software, Inc.
253-656-4061
www.pivotalz.com<http://www.pivotalz.com/>
www.nextgensoftware.com<http://www.nextgensoftware.com/>
________________________________
From: Hoover, Jacob <Jacob.Hoover at greenheck.com>
Sent: Wednesday, September 6, 2017 9:54:11 AM
To: WiX Toolset Users Mailing List
Cc: Steve De George
Subject: RE: Unknown publisher UAC in Windows 7 only
Is the Win 7 machine connected to the internet? Has it had all the windows updates applied?
When you look at the bundle on the Win7 machine, what does the certificate look like?
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Steve De George via wix-users
Sent: Wednesday, September 6, 2017 11:35 AM
To: wix-users at lists.wixtoolset.org
Cc: Steve De George <stevedegeorge at pivotalz.com>
Subject: [wix-users] Unknown publisher UAC in Windows 7 only
Hi all.
I am having an issue with the elevated prompt showing 'Unknown' publisher from my burn engine.
Everything works fine in Windows Server 2008, 2012, 2016 and Windows 10. It only fails on Windows 7 SP1.
Both the burn engine and the bundle are signed with SHA256 and SHA1. The MSI is signed with SHA256 and looking at the properties of the installer you can see the digital signatures.
I have been trying to fix this for 2 days now. Why would it fail on Windows 7?
Anybody seen this before?
Thanks.
Steve De George - Pivotal Z / NextGen Software, Inc.
253-656-4061
www.pivotalz.com<http://www.pivotalz.com/>
www.nextgensoftware.com<http://www.nextgensoftware.com/<http://www.nextgensoftware.com<http://www.nextgensoftware.com/>>
____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/
More information about the wix-users
mailing list