3

I've got a legacy Visual Studio solution file from a previous programmer that has a vdproj in it which produces a .msi installer. I'm using Visual Studio 2015 Community Edition, and in order to use the vdproj, I've installed the extension at this location in order to actually create the msi. It all works just fine in terms of creating a legitimate installer that installs functional software, except for some error with code signing. On Windows 10, the Edge browser states that the signature of the file is corrupt or invalid, and it throws up similar warnings when attempting to install the product. You can skip past the warnings, but we don't want our client(s) to have to deal with that.

The older version of the software (v4.0.106) has no problems. Its MSI file has no Digital Signatures tab, even, so I'm very confused.

The main project is a C++ project (vcxproj) if that matters.

Anyone have any ideas on how to either:

  • Fix the code sign issue entirely in Visual Studio
  • Remove the digital signatures step in the MSI creation in Visual Studio so I don't have to deal with this issue at all

I've got some images up of the issues at the following link: click. Without more rep, I can't post more than 1 link or 1 image.

Deadpikle
  • 356
  • 6
  • 22

2 Answers2

1

Your problem lies with the Win10 Edge browser itself, on Win10 SHA1 encryption on certificates are no longer supported and you need SHA256

Marinus
  • 157
  • 6
  • So, then, the real solution would be to re-sign the MSI with an external code signing certificate/method that supports SHA-256? I'm not entirely sure that you can re-sign MSI files, but I assume doing such an operation would simply add a second digital signature. – Deadpikle Apr 15 '16 at 13:48
0

Unfortunately, it appears as though there is no way to modify the code signing steps within Visual Studio 2015, at least that I could find. Instead of clients dealing with the MSI at all, I ended up bundling the MSI in an executable file using Inno Setup. Since the exe had no signing issues, browsers don't complain. Thus, there's an extra step involved in the setup tool creation, but our clients have an easier time.

In order to have Inno Setup run MSI files, you can modify the following script:

[Setup]
AppName=AppName
AppVersion=4.0.107
DefaultDirName={pf}\DirName
DefaultGroupName=GroupName
UninstallDisplayIcon={app}\UDisplayIcon.exe
OutputDir=userdocs:Inno Setup Examples Output

[Files]
Source: MSIInstaller.msi; DestDir: {tmp}; Flags: deleteafterinstall; 

[Run]
; run msi installer
Filename: "msiexec.exe"; Parameters: "/i ""{tmp}\MSIInstaller.msi"" /qb"; WorkingDir: {tmp};
Deadpikle
  • 356
  • 6
  • 22