views:

777

answers:

3

This may be a duplicate, though I can't find it at this time. If so please point me in the right direction.

I recently purchased an authenticode certificate from globalsign and am having problems signing my files for deployment. There are a couple of .exe files that are generated by a project and then put into a .msi. When I sign the .exe files with the signtool the certificate is valid and they run fine. The problem is that when I build the .msi (using the visual studio setup project) the .exe files loose their signatures. So I can sign the .msi after it is built, but the installed .exe files continue the whole "unknown publisher" business. How can I retain the signature on these files for installation on the client machine?

You help is appreciated.

-Alex

A: 

Are you positive the installer project is looking at the signed binary and not the unsigned one ?

I'm not using the msi builder much, but I would find it surprising that it modifies the files it packages at all.

Bahbar
Thank you for pointing me in the right direction
Alex
+2  A: 

Visual Studio creates two folders at compile time: obj and bin. Turns out, at least in my case, the output will always be copied from the obj folder into the bin folder. I was signing the executables in the bin folder only to have them overwritten and then packaged into the msi. Signing the executables in the obj folder solved the problem.

Alex
thanks, this solved my problems with this!
Bart Janson
A: 

Also read this: http://www.actualinstaller.com/forum/viewtopic.php?f=2&t=9

Mark88