2

解决了!

希望大家能帮忙!

首先关。我浏览了我在 SO 以及 MSDN 等上可以找到的所有文章。

我正在尝试签署一个 installshield exe。

我有一个 Godaddy 代码签名证书,并且完全没有问题签署证书。我确实有一个问题,无论我做什么,我都会在其他所有计算机上得到 Publisher Unknown。

请参阅下面的输出。

底线:我在签署证书时没有遇到任何问题,但在 UAC 提示期间无法删除未知发布者错误(测试计算机可以访问互联网)

另外:如果我在验证时省略 /kp 选项,我会得到:SignTool 错误:已处理证书链,但在信任提供者不信任的根证书中终止。

最终更新:如果我运行 verify /pa /v temp\setup.exe,我会在验证中获得成功,但在未知发布时仍然会出错。/kp 选项在此标志上使用不正确。

步骤: %SIGNTOOL% 签名 /v /ac %BUILDROOT%%CERTPATH%%MSCERT% /f %BUILDROOT%%CERTPATH%%CERT% /p %CERTPW% /n "%COMPANY%" /t %TIMESTAMP% %BUILDROOT% %TEMPPATH%\setup.exe

输出:选择了以下证书:颁发给:%COMPANY NAME% 颁发者:Go Daddy Secure Certificate Authority - G2 过期:2013 年 6 月 22 日星期六 14:07:27 SHA1 哈希:612A38DDED199101442B09D884ED718BBE00D252

交叉证书链(使用机器存储):颁发给:Microsoft 代码验证根颁发者:Microsoft 代码验证根过期:2025 年 11 月 1 日星期六 09:54:03 SHA1 哈希:8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

    Issued to: Go Daddy Root Certificate Authority - G2
    Issued by: Microsoft Code Verification Root
    Expires:   Thu Apr 15 16:07:40 2021
    SHA1 hash: 842C5CB34B73BBC5ED8564BDEDA786967D7B42EF

        Issued to: Go Daddy Secure Certificate Authority - G2
        Issued by: Go Daddy Root Certificate Authority - G2
        Expires:   Sat May 03 03:00:00 2031
        SHA1 hash: 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8

            Issued to: %COMPANY NAME%
            Issued by: Go Daddy Secure Certificate Authority - G2
            Expires:   Sat Jun 22 14:07:27 2013
            SHA1 hash: 612A38DDED199101442B09D884ED718BBE00D252

完成添加其他存储已成功签名并加盖时间戳:c:\build\temp\setup.exe

成功签名的文件数:1 警告数:0 错误数:0

核实:

验证:c:\build\temp\setup.exe 文件哈希 (sha1):62F814EFC81400AD938AB9D9D49B36F7175A098A

签名证书链:颁发给:Go Daddy 根证书颁发机构 - G2 颁发者:Go Daddy 根证书颁发机构 - G2 过期:2037 年 12 月 31 日星期四 19:59:59 SHA1 哈希:47BEABC922EAE80E78783462A79F45C254FDE68B

    Issued to: Go Daddy Secure Certificate Authority - G2
    Issued by: Go Daddy Root Certificate Authority - G2
    Expires:   Sat May 03 03:00:00 2031
    SHA1 hash: 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8

        Issued to: %COMPANY NAME%
        Issued by: Go Daddy Secure Certificate Authority - G2
        Expires:   Sat Jun 22 14:07:27 2013
        SHA1 hash: 612A38DDED199101442B09D884ED718BBE00D252

签名的时间戳:Sun Jun 24 09:57:57 2012 Timestamp Verified by: Issued to: Thawte Timestamping CA Issued by: Thawte Timestamping CA Expires: Thu Dec 31 19:59:59 2020 SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

    Issued to: VeriSign Time Stamping Services CA
    Issued by: Thawte Timestamping CA
    Expires:   Tue Dec 03 19:59:59 2013
    SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

        Issued to: Symantec Time Stamping Services Signer - G3
        Issued by: VeriSign Time Stamping Services CA
        Expires:   Mon Dec 31 19:59:59 2012
        SHA1 hash: 8FD99D63FB3AFBD534A4F6E31DACD27F59504021

交叉证书链:颁发给:Microsoft 代码验证根颁发者:Microsoft 代码验证根过期:2025 年 11 月 1 日星期六 09:54:03 SHA1 哈希:8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

    Issued to: Go Daddy Root Certificate Authority - G2
    Issued by: Microsoft Code Verification Root
    Expires:   Thu Apr 15 16:07:40 2021
    SHA1 hash: 842C5CB34B73BBC5ED8564BDEDA786967D7B42EF

        Issued to: Go Daddy Secure Certificate Authority - G2
        Issued by: Go Daddy Root Certificate Authority - G2
        Expires:   Sat May 03 03:00:00 2031
        SHA1 hash: 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8

            Issued to: %COMPANY NAME%
            Issued by: Go Daddy Secure Certificate Authority - G2
            Expires:   Sat Jun 22 14:07:27 2013
            SHA1 hash: 612A38DDED199101442B09D884ED718BBE00D252

成功验证:c:\build\temp\setup.exe

成功验证的文件数:1 警告数:0 错误数:0

解决了!

问题是 exe 安装程序中的 MSI。setup.exe 文件已签名,但是当提取并运行内部的 msi 时,该文件未签名。两个都签了,错误就消失了!!!

4

0 回答 0