解决了!
希望大家能帮忙!
首先关。我浏览了我在 SO 以及 MSDN 等上可以找到的所有文章。
我正在尝试签署一个 installshield exe。
我有一个 Godaddy 代码签名证书,并且完全没有问题签署证书。我确实有一个问题,无论我做什么,我都会在其他所有计算机上得到 Publisher Unknown。
请参阅下面的输出。
底线:我在签署证书时没有遇到任何问题,但在 UAC 提示期间无法删除未知发布者错误(测试计算机可以访问互联网)
另外:如果我在验证时省略 /kp 选项,我会得到:SignTool 错误:已处理证书链,但在信任提供者不信任的根证书中终止。
最终更新:如果我运行 verify /pa /v temp\setup.exe,我会在验证中获得成功,但在未知发布时仍然会出错。/kp 选项在此标志上使用不正确。
步骤: %SIGNTOOL% 签名 /v /ac %BUILDROOT%%CERTPATH%%MSCERT% /f %BUILDROOT%%CERTPATH%%CERT% /p %CERTPW% /n "%COMPANY%" /t %TIMESTAMP% %BUILDROOT% %TEMPPATH%\setup.exe
输出:选择了以下证书:颁发给:%COMPANY NAME% 颁发者:Go Daddy Secure Certificate Authority - G2 过期:2013 年 6 月 22 日星期六 14:07:27 SHA1 哈希:612A38DDED199101442B09D884ED718BBE00D252
交叉证书链(使用机器存储):颁发给:Microsoft 代码验证根颁发者:Microsoft 代码验证根过期:2025 年 11 月 1 日星期六 09:54:03 SHA1 哈希:8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
Issued to: Go Daddy Root Certificate Authority - G2
Issued by: Microsoft Code Verification Root
Expires: Thu Apr 15 16:07:40 2021
SHA1 hash: 842C5CB34B73BBC5ED8564BDEDA786967D7B42EF
Issued to: Go Daddy Secure Certificate Authority - G2
Issued by: Go Daddy Root Certificate Authority - G2
Expires: Sat May 03 03:00:00 2031
SHA1 hash: 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Issued to: %COMPANY NAME%
Issued by: Go Daddy Secure Certificate Authority - G2
Expires: Sat Jun 22 14:07:27 2013
SHA1 hash: 612A38DDED199101442B09D884ED718BBE00D252
完成添加其他存储已成功签名并加盖时间戳:c:\build\temp\setup.exe
成功签名的文件数:1 警告数:0 错误数:0
核实:
验证:c:\build\temp\setup.exe 文件哈希 (sha1):62F814EFC81400AD938AB9D9D49B36F7175A098A
签名证书链:颁发给:Go Daddy 根证书颁发机构 - G2 颁发者:Go Daddy 根证书颁发机构 - G2 过期:2037 年 12 月 31 日星期四 19:59:59 SHA1 哈希:47BEABC922EAE80E78783462A79F45C254FDE68B
Issued to: Go Daddy Secure Certificate Authority - G2
Issued by: Go Daddy Root Certificate Authority - G2
Expires: Sat May 03 03:00:00 2031
SHA1 hash: 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Issued to: %COMPANY NAME%
Issued by: Go Daddy Secure Certificate Authority - G2
Expires: Sat Jun 22 14:07:27 2013
SHA1 hash: 612A38DDED199101442B09D884ED718BBE00D252
签名的时间戳:Sun Jun 24 09:57:57 2012 Timestamp Verified by: Issued to: Thawte Timestamping CA Issued by: Thawte Timestamping CA Expires: Thu Dec 31 19:59:59 2020 SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: VeriSign Time Stamping Services CA
Issued by: Thawte Timestamping CA
Expires: Tue Dec 03 19:59:59 2013
SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Issued to: Symantec Time Stamping Services Signer - G3
Issued by: VeriSign Time Stamping Services CA
Expires: Mon Dec 31 19:59:59 2012
SHA1 hash: 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
交叉证书链:颁发给:Microsoft 代码验证根颁发者:Microsoft 代码验证根过期:2025 年 11 月 1 日星期六 09:54:03 SHA1 哈希:8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
Issued to: Go Daddy Root Certificate Authority - G2
Issued by: Microsoft Code Verification Root
Expires: Thu Apr 15 16:07:40 2021
SHA1 hash: 842C5CB34B73BBC5ED8564BDEDA786967D7B42EF
Issued to: Go Daddy Secure Certificate Authority - G2
Issued by: Go Daddy Root Certificate Authority - G2
Expires: Sat May 03 03:00:00 2031
SHA1 hash: 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Issued to: %COMPANY NAME%
Issued by: Go Daddy Secure Certificate Authority - G2
Expires: Sat Jun 22 14:07:27 2013
SHA1 hash: 612A38DDED199101442B09D884ED718BBE00D252
成功验证:c:\build\temp\setup.exe
成功验证的文件数:1 警告数:0 错误数:0
解决了!
问题是 exe 安装程序中的 MSI。setup.exe 文件已签名,但是当提取并运行内部的 msi 时,该文件未签名。两个都签了,错误就消失了!!!