[wix-users] Certificate is not removed in my version of IIS custom action

Mihajlo Cvetanović mcvetanovic at gmail.com
Fri Jan 12 06:33:12 PST 2018

I want to use my own CA to (un)install certificates, to avoid error 26352.
So I took lots of code from wix3 github, tweaked it, and successfully
installed certificates when I register them in my own table MyCertificate:

    <CustomTable Id="MyCertificate">
        <Data Column="Certificate">CertRowIdentifier</Data>
        <Data Column="Component_">ComponentIdentifier</Data>
        <Data Column="Name">Cert friendly name</Data>
        <Data Column="StoreLocation">2</Data>
        <Data Column="StoreName">root</Data>
        <Data Column="Attributes">2</Data>
        <Data Column="Binary_">CertBinaryIdentifier</Data>

I believe <iis:Certificate> element does more or less the same thing (just
inserts one row in its own Certificate table).

Problem is that certificates don't get removed on uninstall. In my version
of ConfigureCertificates function (just changed the names of tables and
custom actions in string literals) the call to MsiGetComponentStateW
sets isInstalled variable to INSTALLSTATE_LOCAL and isAction
to INSTALLSTATE_UNKNOWN, and so a couple of lines below the
function WcaIsUninstalling returns 0. Even though uninstall is in progress.

What am I doing wrong? Here's mentioned code from ConfigureCertificates, so
you don't have to consult guthub. BTW WcaLog doesn't write to log file,
don't know why:

        er = ::MsiGetComponentStateW(WcaGetInstallHandle(), pwzComponent,
&isInstalled, &isAction);
        hr = HRESULT_FROM_WIN32(er);
        ExitOnFailure1(hr, "failed to get state for component: %ls",

        if (!(WcaIsInstalling(isInstalled, isAction) && SCA_ACTION_INSTALL
== saAction) &&
            !(WcaIsUninstalling(isInstalled, isAction) &&
            !(WcaIsReInstalling(isInstalled, isAction)))
            WcaLog(LOGMSG_VERBOSE, "Skipping non-action certificate: %ls",

It's maybe important, maybe not, but I commented out the code in
scacert.cpp that writes certificate hashes to CertificateHash table
(function WcaAddTempRecord(..., L"CertificateHash", ...)), because I don't
know how to replicate that part, and simply adding my version of this
custom table "doesn't work".

More information about the wix-users mailing list