/build/static/layout/Breadcrumb_cap_w.png

Signed Driver Certificate Issue on Win7-Emerson_Standalone_Data_Transfer_v5.5

Issue:
Application was installing Signed driver but the Vendor's Verisign Certificate that comes with the driver was expired.
Solution for Unattended/Silent Installs and “Would you like to install this device software” Prompt:

Follow the below to conquer this problem:

  1. In the test environment, install the program fully and check 'Always trust software from [Publisher]’ and click on Install.
  2. Run certmgr.msc and navigate to Trusted Publishers then Certificates
  3. The certificate from the publisher will show up there.
  4. Right click and click All Tasks -> Export. Save the file (say MyCertificate.cer).

We now have the certificate from the test environment.

Run the following command in your install script before the program install:

certutil -addstore "TrustedPublisher" MyCertificate.cer

Inclusion in the package:

  1. Open your driver package and add the certificate file “csiusb.cer” to the package, these should be installed into the INSTALLDIR.
  2. The custom actions that we require to install the certificate will run the commands:

Install_Certificate:

certutil -addstore "TrustedPublisher" "[INSTALLDIR]csiusb.cer"

 3. To remove the certificate when we uninstall the package using the following custom action commands:

UnInstall_Certificate

certutil -delstore "TrustedPublisher" "[INSTALLDIR]csiusb.cer"
4. The custom actions will run in "Deferred Execution - System Context" with "Synchronous, Ignore Exit code" processing.

5. Add the custom Actions to the CustomAction table.
6. Add the Install Custom actions into the "InstallExecuteSequence" with a Condition of "NOT Installed AND NOT PATCH"
7. Add the Uninstall Custom Actions into the "InstallExecuteSequence" just after the "SelfUnregModules" action with a condition of "REMOVE"
8. Before we can test our package we must move the "MsiProcessDrivers" Action so that the drivers are installed after our certificates are installed.

9. Save and compile your package.


Install the MSI, it will not prompt to verify the publisher.

It order to check that the certificates are installed by opening "Internet Explorer" and navigating to "Tools > Internet Options" and clicking on the "Certificates" option.

We can also confirm that the uninstall works correctly as the installed certificates will be removed.

 


Comments

This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ