On 9 Oct 2007, at 15:49, John Vottero wrote:

>> The wix schema seems to have support for digitally signing packages -
>> the DigitalCertificate element, the DigitalCertificateRef element -
>> but I can't see how they're meant to be used.
>>
>> Presumably light has to have access to the certificate's private key
>> at some point, and it isn't clear to me from the docs how it gets
>> this. It also isn't clear what format the certificate's SourceFile
>> has to be in.
>
> I don't think that the DigitalCertificate element is used to sign MSIs,
> it's for installing certificates for web sites (I'm not sure since I
> don't use it).
There are also Certificate and CertificateRef elements in the schema,
and it is not obvious which ones do which :-)

> You sign your MSI after it's been created using either
> SIGNTOOL.EXE, PowerShell's Set-AuthenticodeSignature cmdlet or
> MSBuild's SignFile task.

Hopefully I can incorporate signtool into my scripts.

>> Is there a list somewhere of what CAs Microsoft trusts to issue
>> code-signing certs? We're willing to pay the Verisign "tax", but would
>> be happier paying someone else for a cert as long as it is trusted
>> identically...
>
> We bought ours from Thawte and haven't had any problems.

That's useful to know, thanks John. Of course they're still part of
Verisign :-(

Cheers,

Chris

_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
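
The post-build signing step discussed in this thread, as an added example that is not part of the original messages or of the WiX project: it signs a finished MSI with signtool and then verifies the result. It assumes signtool.exe is on PATH and that the code-signing certificate and its private key are in the current user's certificate store; the parameter names are chosen for this example.

```powershell
# Added example: post-build signing step for an MSI already produced by light.exe.
# Assumptions (not from the thread): signtool.exe is on PATH, the code-signing
# certificate and its private key live in the current user's certificate store,
# and all three parameter values are supplied by the caller.
param(
    [Parameter(Mandatory)] [string] $MsiPath,
    [Parameter(Mandatory)] [string] $Thumbprint,    # SHA-1 thumbprint of the signing cert
    [Parameter(Mandatory)] [string] $TimestampUrl   # RFC 3161 timestamp service of your CA
)
$ErrorActionPreference = 'Stop'
$Thumbprint = ($Thumbprint -replace '\s', '').ToUpperInvariant()

# The build never sees the private key: it stays in the store and is selected
# by thumbprint. Fail early if the certificate is missing, keyless or expired.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert)               { throw "No code-signing certificate $Thumbprint in CurrentUser\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key available" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $Thumbprint expired on $($cert.NotAfter)" }

# Sign with SHA-256 and a timestamp so the signature outlives the certificate.
& signtool.exe sign /sha1 $Thumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 $MsiPath
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Verify against the default Authenticode policy before the MSI is published.
& signtool.exe verify /pa $MsiPath
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }

# Independent check: signature valid, made by the expected cert, and timestamped.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid') { throw "Signature status is $($sig.Status): $($sig.StatusMessage)" }
if ($sig.SignerCertificate.Thumbprint -ne $Thumbprint) { throw "MSI was signed by an unexpected certificate" }
if (-not $sig.TimeStamperCertificate) { throw "Signature carries no timestamp" }

Write-Output "Signed and verified: $MsiPath"
```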