Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: VS2010 setup
Hello,
 
I have created one application in MFC with VC++ and created setup using visual studio 2010 deployment project. It create the .exe and .msi file.
I have purchased the digital code sign certificate and sign the setup.exe file.
 
What is my scenrio is .msi file is on my server location and I have set the "Install URL" property of deployment project with .msi URL.
 
Now what is my issue is when I run the setup.exe file it download the .msi file and going to install it. but before install it show the popup with following message :
 
"The publisher cound not be verified. Are oyu sure you want to run this software? "
 
Name : myapplication.msi
Publisher : Unknown publisher
 

so can anybody help me how to set publisher? I have purchaed the code sign digital certificate. but not sure how to sign .msi file with that. please help me on this.
 

Thanks in advance.
Posted 28-May-13 4:30am
tgeek0012.4K

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Nobody can help you to set a publisher which can be verified unless you address to some certificate authority: http://en.wikipedia.org/wiki/Certificate_authority[^].
 
This will cost money though.
 
Most likely, you used self-signed certificate. This is fine if it is used by some person who knows you (for example, a member of your development team) and who received a public key or public key token independently from you. Then you have a reliable way to confirm that the MSI is signed by you and not by some malicious artist, because only you posses the private key you obtained while creating the certificate. This is the whole idea.
 
This is not the case if the user of MSI is the regular uses. For such person, both you and some malicious artist who could spoof you Web site (for example) could equally be an original author. For that reason, the system of certificate chains has been created.
 
See also:
http://en.wikipedia.org/wiki/Self-signed_certificate[^],
http://en.wikipedia.org/wiki/Identity_certificate[^],
http://en.wikipedia.org/wiki/Public-key_cryptography[^].
 
—SA
  Permalink  
Comments
TechnoGeek001 at 28-May-13 10:49am
   
Thanks for quick response.
 
Actually we are going to purchase the code sign certificate. but my question is how to attached it with the MSI file. I know using signcode.exe we can attach the digital certificate to our .exe file. but the main problem we have is we will distribute the .exe to internet and .msi file will be on our server. if both are not same place then that unknown publisher message not comes, it only comes when we run the .msi from internet.
Sergey Alexandrovich Kryukov at 28-May-13 12:36pm
   
I though you already did that and were only concern about verification of the MSI package. Here is what you do:
 
http://msdn.microsoft.com/en-us/library/windows/desktop/aa387764%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa371854%28v=vs.85%29.aspx
 
—SA
TechnoGeek001 at 29-May-13 0:55am
   
Thanks for providing useful link.
 
I tried that link and able to sign the .exe and msi file. I can check the files proprties and see the digital signature tab there. Now just want to clear one thing is that this will not work for my self signed certificate, right?
 
I am doing all testing in my local only with the my own test certificate. And in IIS created one default website and put the .msi file there. All is in my local so it should display valid publisher but it still not display it. so I think it may be not working for test certificate but it should work with my real certificate.
 

Thanks,
Sergey Alexandrovich Kryukov at 29-May-13 1:12am
   
Your approach is quite good now. Everything should work with your self-signed certificate; I don't see why not. When you run MSI in a standard way, the published might not be shown in a clickable reference. Maybe you are missing some MSI option.
I must say, I did not try it myself yet, so you can just look for it. I don't know what do you use to build MSI.
—SA
TechnoGeek001 at 29-May-13 2:40am
   
Yes I am also not getting why it not working. I am looking for same but still not getting what MSI option I am missing. Actually I am creating msi file using VS 2010 Deployment project.
Sergey Alexandrovich Kryukov at 29-May-13 2:57am
   
After a while I may get back to this problem myself, as our product will also need signing. But it will take time. Also, I use WiX...
—SA
TechnoGeek001 at 29-May-13 3:14am
   
Ok if you find anything it looks which I may missing please let me know. but the information you provide upto now is useful so I am accepting this solution.
Sergey Alexandrovich Kryukov at 29-May-13 3:16am
   
Sure.
—SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Maciej Los 295
1 OriginalGriff 259
2 Sergey Alexandrovich Kryukov 205
3 Aajmot Sk 187
4 Sinisa Hajnal 176
0 OriginalGriff 7,800
1 Sergey Alexandrovich Kryukov 7,072
2 DamithSL 5,604
3 Manas Bhardwaj 4,986
4 Maciej Los 4,790


Advertise | Privacy | Mobile
Web04 | 2.8.1411023.1 | Last Updated 28 May 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100