Reputation: 547
"Unknown publisher" while starting properly signed installer
I have properly signed .msi that user can download from a web server. When the user runs it Windows gives her a warning about "Unknown Publisher". However if she looks at file properties ("Digital signatures") proper signature and certificate are in place. Cert path is VeriSign -> VeriSign Class 3 Code Signing 2010 CA -> My Company. We expect the user to see correct "My Company" name instead of "Unknown Publisher" in that dialog box. What is the reason for unexpected behavior?
Upvotes: 2
Views: 1599
Answers (1)
Reputation: 1602
I solved this problem by using the /ac switch for signtool. This switch takes a path to a certificate file, and allows you to add an additional certificate to the signature block of the signed file. I used "/ac AddTrustExternalCARoot.crt" to add Comodo's Root Code Signing (SHA-2) certificate to my msi file. I tested this on Windows 7 where I was having the problem.
The /ac switch is intended for signing kernel code, but it is also necessary to fix this issue. You'll still need to use /f or one of the other switches to use your code signing certificate.
Upvotes: 0
Related Questions
- Windows Installer Unknown Publisher
- What is causing to show Publisher to unknown on UAC despite signing exe using signtool
- Unknown Publisher issue with installer(exe/msi) build with visual studio 2019
- Having Issues With EV Code Signing
- How to resolve "Verified publisher: Unknown" message while running the setup prgram
- The signed MSI-package isn't liked by Windows
- Publisher Unknown after successfully running signTool
- Unknown publisher on security warning window
- signed/verified .exe gives unknown publisher
- User gets "publisher not verified" message when downloading my installer .exe - how can I avoid this?