如何签名MSI？ [英] How to sign an MSI?

问题描述

我的公司想要防止客户安装我们的产品时出现的UAC弹出窗口。我们从VeriSign（VeriSign Class 3 Code Signing 2010 CA）购买了一个证书，并且有一个MyCompany.cer文件。

My company wants to prevent the UAC popup that appears when customers install our product. We purchased a certificate from VeriSign (VeriSign Class 3 Code Signing 2010 CA) and I got a MyCompany.cer file.

我通过双击安装证书， 个人商店。它现在显示在证书管理单元中，以及其他几个证书。 snapin说它的预期目的是代码签名。我通过复制指纹得到SHA1哈希。

I installed the cert by double-clicking it and selecting the "Personal" store. It now appears in the Certificates snapin, along with several other certs. The snapin says its intended purpose is "Code Signing". I got the SHA1 hash by copying the thumbprint.

我尝试使用此命令签名msi：

I try to sign the msi with this command:

signtool sign /sha1 <thumbprint> myInstaller.msi

并获得消息
SignTool错误：所有给定的标准。

and get a message "SignTool Error: No certificates were found that met all the given criteria."

如果我离开/ sha1，我得到一个列表中的大多数其他证书在商店 - 目的是<全部>

If I leave off the "/sha1 " I get a list of most of the other certs in the store - the ones that say their intended purpose is "<All>" My cert isn't listed.

推荐答案

我的证书未列出。

这很漂亮，但我希望它能帮助别人。

This is pretty old but I hope it helps someone.

首先，你需要检查你有一个私钥的.cer文件，如果你打开它，你应该看到一个按钮图标在其后的句子：

First of all you need to check that you have a Private Key for that .cer file, If you open it you should see a Key icon somewhere followed by the sentence:

You have a private key for this certificate

请注意，必须在生成de密钥对（和CSR）的同一计算机中安装证书。显然，如果你没有私钥，你不能签署任何东西。

Note that what you must install the certificate in the same computer where de Key pair (and the CSR) were generated. Obviously if you have no private key, you can't sign anything.

这篇关于如何签名MSI？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！