We recently purchased an EV Code Signing Certificate.
I followed instructions and I can successfully sign our built applications (exe files), our libraries (dll).
However, I can't sign our setup packages (MSI files), I always get this error:
SignTool Error: An unexpected internal error has occurred. Error
information: "Error: SignerSign() failed." (-2147024885/0x8007000b)
I don't see anything in Event Viewer.
I am really stuck here, I don't not understand how same command could work for certain file types and not for msi files.
Thanks in advance for your help!
Check the log for more info:
Run Event Viewer app.
Open the event log: Event Viewer (Local) > Applications and Services
Logs > Microsoft > Windows > AppxPackagingOM > Microsoft-Windows-AppxPackaging/Operational
Look for the most recent error event
In my case I had a mismatch in publisher string in Certificate and Manifest.
The following cause was reported on a forum post:
Have just found the cause: my antivirus Trend Micro Worry Free
Advanced is the problem.
When I deactivate it, I can sign without any problem and it is much
faster to sign.
Now I have to find to which part I have to set an exception in the
antivirus.
The strange thing is that I never had any problem to sign with my
Authenticode certifcate,
but here with an EV Code Signing certificate my antivirus blocks
something...
Posted by david[SDT] Monday, April 9, 2018 12:47 PM
Related
We have a plug-in that runs on Outlook 2016. Our plug-in is using VSTOInstaller.exe file to install new updates from the installation folder URL. Now, the certificate of our plug-in is about to expire, so we bought a new certificate and deployed a new version with the new certificate.
But during the installion of the new update with the new certificate, the plug-in have encountered a security error that is preventing it from updating to the new version, see error below:
Exception: Customized functionality in this application will not work because it has not been granted trust. The certificate used to sign the deployment manifest is unknown, and the customization itself (Time Tracking System) is not on the inclusion list. Contact your administrator for further assistance.
************** Exception Text **************
System.Security.SecurityException: Customized functionality in this application will not work because it has not been granted trust. The certificate used to sign the deployment manifest is unknown, and the customization itself (Time Tracking System) is not on the inclusion list. Contact your administrator for further assistance.
at Microsoft.VisualStudio.Tools.Office.Runtime.OfficeAddInDeploymentManager.VerifyAddInTrust(ClickOnceAddInTrustEvidence evidence)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity(ActivationContext context, Uri manifest, AddInInstallationStatus installState)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
The Zone of the assembly that failed was:
MyComputer
After searching for a solution over the internet, I found this article: http://www.aivanoff.net/Blogs/Details/VSTOwithHSA256fail.
For short, changing the RSAKeyValue from the "HKEY_CURRENT_USER\Software\Microsoft\VSTO\Security\Inclusion" in the registry with the RSAKeyValue of the new certificate will fix the problem. I have tried this solution and it worked but this is not the kind of solution that we want to give to our users.
I have also tried solution from the URL below, but it did not work:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/b1289353-91ab-4f3f-be20-6d65615441bd/security-trust-issue-only-on-some-client-machines-outlook-addin?forum=vsto
Could someone please let me know an explanation about why this error occur? And is there any other way to fix it?
Thanks,
Ben
So I had an SSL certificate, I bought one from a new company, through plesk, I installed the new one and then the website just stopped working completely.
The host company cant help, the developers we have dont know how to get it to work.
We essentially have a very large site crashed due to ssl installation.
There was no error, just a blank page, after turning on error reporting, Here is the error we are getting on the website when we go to the website url
Warning: require_once(): open_basedir restriction in effect.
File(/usr/share/psa-pear/MDB2.php) is not within the allowed path(s):
(/var/www/vhosts/domain.com/:/tmp/) in
/var/www/vhosts/domain.com/httpdocs/inc/general.php on line 7 Warning:
require_once(/usr/share/psa-pear/MDB2.php): failed to open stream:
Operation not permitted in
/var/www/vhosts/domain.com/httpdocs/inc/general.php on line 7 Fatal
error: require_once(): Failed opening required 'MDB2.php'
(include_path='.:/usr/share/psa-pear/') in
/var/www/vhosts/domain.com/httpdocs/inc/general.php on line 7
This started only when we installed the new certificate, changing back to the old one does not work, still the same error on the website
Modify your php.ini's basedir setting to include /usr/share/psa-pear/.
A client of mine has trouble with TortoiseSVN. It was working fine till now. She did her last commit on Thursday Feb. 23. 2013 But now she gets the following error:
OPTIONS SSL handshake failed: SSL error: sslv3 alert illegal parameter
She cannot access the Repository anymore. No update, no checkout, no log, etc.
It is difficult to locate the problem. It shows up with tsvn 1.7.4 and 1.7.11
She cannot use tsvn with the ProjectRepository
She cannot use svn commandline client (http://www.sliksvn.com/en/download) with the ProjectRepository
She can use tsvn with a PlaygroundRepository on another Server
She can access ProjectRepository with IE and with Firefox
She can access ProjectRepository with SmartSvn
I can use tsvn in their network with the ProjectServer from my macbook with parallels.
I entirely uninstalled/reinstalled tsvn -no success
I deleted %appdata%\Roaming\Subversion -no success
As an act of desperation, I installed smartsvn which makes her work again, but this cannot be the solution.
It must be the combination of tsvn, her machine and the ProjectRepository/Server. Her Machine works with PlaygroundRepository on another server.
Any Idea is highly welcome. In paticular due to the fact that it worked last week with tsvn 1.7.4.
So the only thing which might have changes is some updates on the windows box.
Check for the installation of MS012-006 on the client. That hot fix broke a lot of things. Roll it back and see if connects are successful.
I am new to Adobe AIR and I was following the steps given in the site :
"http://net.tutsplus.com/tutorials/tools-and-tips/introduction-to-adobe-air/", to create my first AIR application.
I was almost successful in creating my first AIR application but at the last step of Deploying AIR Application, after the successful creation of certificate when I am trying to create the.air file. I am getting the error :
"Could not generate timestamp: Connection refused: connect".
Can you please help me in resolving the issue as soon as possible.
As a short-term workaround, you can specify "-tsa none" on the ADT command line. (If you are using Flash Pro or Builder, there should be an option in the UI). -tsa none disables timestamps.
A timestamp requires an internet connection in order to get a signed timestamp token from a server. This is used to verify that your certificate was valid when the app was signed. Without a timestamp, your app won't be installable after your code signing certificate expires. With a timestamp, your app installer will not expire.
Proxy connections are sometimes the issue. Since ADT is a Java program, you have to configure the Java proxy settings if this is the source of the trouble.
Our code-signing certificate recently expired. It's been renewed, but now whenever I try to package the app with the renewed cert (whether I attempt a migration of the expired cert or not), after installation, I get the following message any time I try to run the app:
"This installation of this application is damaged. Try re-installing or contacting the publisher for assistance."
Opening up the package contents, the publisherid file inside Resources/META-INF/AIR is blank. This is apparently the problem, because if I manually edit it to contain our previous publisherID, the app will run.
But of course, it's not like we can tell all our users "oh install it then manually edit this file inside the package."
Has anyone encountered this or know how to fix it?
Ah, after a bit more banging my head against my desk I got it.
For anyone who comes after me:
I had to change a couple things in my app descriptor file.
First I had to change the namespace to point at AIR 1.5.3 instead of 1.5
<application xmlns="http://ns.adobe.com/air/application/1.5.3">
And then I had to manually specify our old publisherID in the descriptor as well
<id>OurAppID</id>
<publisherID>OurOldPublisherID</publisherID>
Now it works just as it's supposed to, installs as an update to our old version instead of a new app, and actually runs instead of just throwing that error.