Click here to Skip to main content
15,867,686 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hello,

I have created one application in MFC with VC++ and created setup using visual studio 2010 deployment project. It create the .exe and .msi file.
I have purchased the digital code sign certificate and sign the setup.exe file.

What is my scenrio is .msi file is on my server location and I have set the "Install URL" property of deployment project with .msi URL.

Now what is my issue is when I run the setup.exe file it download the .msi file and going to install it. but before install it show the popup with following message :

"The publisher cound not be verified. Are oyu sure you want to run this software? "

Name : myapplication.msi
Publisher : Unknown publisher


so can anybody help me how to set publisher? I have purchaed the code sign digital certificate. but not sure how to sign .msi file with that. please help me on this.


Thanks in advance.
Posted

1 solution

Nobody can help you to set a publisher which can be verified unless you address to some certificate authority: http://en.wikipedia.org/wiki/Certificate_authority[^].

This will cost money though.

Most likely, you used self-signed certificate. This is fine if it is used by some person who knows you (for example, a member of your development team) and who received a public key or public key token independently from you. Then you have a reliable way to confirm that the MSI is signed by you and not by some malicious artist, because only you posses the private key you obtained while creating the certificate. This is the whole idea.

This is not the case if the user of MSI is the regular uses. For such person, both you and some malicious artist who could spoof you Web site (for example) could equally be an original author. For that reason, the system of certificate chains has been created.

See also:
http://en.wikipedia.org/wiki/Self-signed_certificate[^],
http://en.wikipedia.org/wiki/Identity_certificate[^],
http://en.wikipedia.org/wiki/Public-key_cryptography[^].

—SA
 
Share this answer
 
Comments
npdev13 28-May-13 10:49am    
Thanks for quick response.

Actually we are going to purchase the code sign certificate. but my question is how to attached it with the MSI file. I know using signcode.exe we can attach the digital certificate to our .exe file. but the main problem we have is we will distribute the .exe to internet and .msi file will be on our server. if both are not same place then that unknown publisher message not comes, it only comes when we run the .msi from internet.
Sergey Alexandrovich Kryukov 28-May-13 12:36pm    
I though you already did that and were only concern about verification of the MSI package. Here is what you do:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa387764%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa371854%28v=vs.85%29.aspx

—SA
npdev13 29-May-13 0:55am    
Thanks for providing useful link.

I tried that link and able to sign the .exe and msi file. I can check the files proprties and see the digital signature tab there. Now just want to clear one thing is that this will not work for my self signed certificate, right?

I am doing all testing in my local only with the my own test certificate. And in IIS created one default website and put the .msi file there. All is in my local so it should display valid publisher but it still not display it. so I think it may be not working for test certificate but it should work with my real certificate.


Thanks,
Sergey Alexandrovich Kryukov 29-May-13 1:12am    
Your approach is quite good now. Everything should work with your self-signed certificate; I don't see why not. When you run MSI in a standard way, the published might not be shown in a clickable reference. Maybe you are missing some MSI option.
I must say, I did not try it myself yet, so you can just look for it. I don't know what do you use to build MSI.
—SA
npdev13 29-May-13 2:40am    
Yes I am also not getting why it not working. I am looking for same but still not getting what MSI option I am missing. Actually I am creating msi file using VS 2010 Deployment project.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900