签署InstallShield安装程序并包括中间证书的最佳实践 [英] Best practice to sign InstallShield setup and include intermediate certificates

问题描述

我有证书来签署我的InstallShield安装程序。当我们今年更新证书时，它现在取决于中间证书 thawte代码签名ca-g2。

I have thwte certificate to sign my InstallShield setup. When we updated our certificate this year, it now depends on intermediate certificate "thawte code signing ca - g2".

我们担心许多客户可能未安装此中间根证书（实际上，我们自己的构建服务器没有该证书，因此更新后构建已开始失败）证书），因此他们将收到未验证的发布者错误。

We fear that many of our customers might not have this intermediate root certificate installed (in fact our own build server did not have it and so build had started to fail after renewing the certificate) and thus they will get the "unverified publisher" error.

分发中间证书的最佳实践是什么？有什么方法可以改变认证路径，使其仅取决于更常见的 Thawte代码签名ca吗？

What is the best practice to distribute that intermediate certificate? Is there any way to change the certification path so that it just depends on more common "thawte code signing ca"?

我将非常感谢您的帮助。

I would greatly appreciate any help.

谢谢，
Sanjay

Thanks, Sanjay

推荐答案

我终于弄清楚了这个问题。事实证明，导出时可以在pfx文件中包括证书根。以下是我在安装了thawte证书的Windows计算机上执行的操作。
1.从开始->运行-> certmgr.msc中打开证书存储区
2.导出证书。
3.确保也选择包含私钥。
4.然后，您可以选择包含根证书-默认情况下未选中。检查它。

I finally figured out the issue. It turns out there is an option to include certificate roots in the pfx file when you export it. Following is what i followed on my Windows machine where I had installed the certificate that i got from thawte. 1. Open certificate store from Start->Run->certmgr.msc 2. Export the certificate. 3. Ensure to select to include private key as well. 4. Then you get an option to include root certificates - this is unchecked by default. Check it.

这篇关于签署InstallShield安装程序并包括中间证书的最佳实践的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！