Follow the below to conquer this problem:
- In the test environment, install the program fully and check 'Always trust software from [Publisher]’ and click on Install.
- Run certmgr.msc and navigate to Trusted Publishers then Certificates
- The certificate from the publisher will show up there.
- Right click and click All Tasks -> Export. Save the file (say MyCertificate.cer).
We now have the certificate from the test environment.
Run the following command in your install script before the program install:
certutil -addstore "TrustedPublisher" MyCertificate.cer
Inclusion in the package:
- Open your driver package and add the certificate file “csiusb.cer” to the package, these should be installed into the INSTALLDIR.
- The custom actions that we require to install the certificate will run the commands:
Install_Certificate:
certutil -addstore "TrustedPublisher" "[INSTALLDIR]csiusb.cer"
3. To remove the certificate when we uninstall the package using the following custom action commands:
UnInstall_Certificate
certutil -delstore "TrustedPublisher" "[INSTALLDIR]csiusb.cer"
4. The custom actions will run in "Deferred Execution - System Context" with "Synchronous, Ignore Exit code" processing.
5. Add the custom Actions to the CustomAction table.
6. Add the Install Custom actions into the "InstallExecuteSequence" with a Condition of "NOT Installed AND NOT PATCH"
7. Add the Uninstall Custom Actions into the "InstallExecuteSequence" just after the "SelfUnregModules" action with a condition of "REMOVE"
8. Before we can test our package we must move the "MsiProcessDrivers" Action so that the drivers are installed after our certificates are installed.
9. Save and compile your package.
Install the MSI, it will not prompt to verify the publisher.
It order to check that the certificates are installed by opening "Internet Explorer" and navigating to "Tools > Internet Options" and clicking on the "Certificates" option.
We can also confirm that the uninstall works correctly as the installed certificates will be removed.
Comments