如何签署 MSI? [英] How to sign an MSI?

问题描述

我的公司希望防止在客户安装我们的产品时出现 UAC 弹出窗口.我们从 VeriSign(VeriSign Class 3 Code Signing 2010 CA)购买了一个证书，我得到了一个 MyCompany.cer 文件.

My company wants to prevent the UAC popup that appears when customers install our product. We purchased a certificate from VeriSign (VeriSign Class 3 Code Signing 2010 CA) and I got a MyCompany.cer file.

我通过双击证书并选择个人"商店来安装证书.它现在与其他几个证书一起出现在证书管理单元中.该管理单元表示其预期目的是代码签名".我通过复制指纹获得了 SHA1 哈希.

I installed the cert by double-clicking it and selecting the "Personal" store. It now appears in the Certificates snapin, along with several other certs. The snapin says its intended purpose is "Code Signing". I got the SHA1 hash by copying the thumbprint.

我尝试使用以下命令对 msi 进行签名:

I try to sign the msi with this command:

signtool sign /sha1 <thumbprint> myInstaller.msi

并收到消息SignTool 错误:未找到符合所有给定条件的证书."

and get a message "SignTool Error: No certificates were found that met all the given criteria."

如果我去掉/sha1"，我会得到商店中大多数其他证书的列表——那些说它们的预期目的是<All>"的证书我的证书未列出.

If I leave off the "/sha1 " I get a list of most of the other certs in the store - the ones that say their intended purpose is "<All>" My cert isn't listed.

我做错了什么?

推荐答案

这已经很老了，但我希望它对某人有所帮助.

This is pretty old but I hope it helps someone.

首先，您需要检查您是否拥有该 .cer 文件的私钥，如果您打开它，您应该会在某处看到一个 Key 图标，后跟以下句子:

First of all you need to check that you have a Private Key for that .cer file, If you open it you should see a Key icon somewhere followed by the sentence:

You have a private key for this certificate

请注意，您必须在生成密钥对(和 CSR)的同一台计算机上安装证书.显然，如果你没有私钥，你就不能签署任何东西.

Note that what you must install the certificate in the same computer where de Key pair (and the CSR) were generated. Obviously if you have no private key, you can't sign anything.

这篇关于如何签署 MSI?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！