PDA

View Full Version : SHA1 support



LanceRas
10-06-2015, 07:56 PM
I have way too many XP and Vista customers that are complaining regarding our SHA256 signed installers as creating security warnings or not being allowed to download.

I'm even having some XP customers complain that they are getting a Error 24592 error that a cab has an invalid digital signature and wont install.

How can I continue to use IS2015 and go back to using a SHA1 digital certificate (which I now have to re-buy, since I converted my cert to SHA256). Looking around, seems like many software companies supporting XP, 2003 Server, Vista have had to downgrade to SHA1 too.

MichaelU
10-07-2015, 08:51 AM
If you specify a SHA1 certificate, InstallShield will generate a SHA1 signature. The most you should have to do is ignore (or disable) the warning.

Christoph
03-18-2016, 04:36 AM
If you specify a SHA1 certificate, InstallShield will generate a SHA1 signature. The most you should have to do is ignore (or disable) the warning.

Is this the only solution I have?
Builded and signed installers with SHA-256 signature after January 1st, 2016 doesn't seem to work on Windows 2008 Server SP2(32-BIT).

In the middle of the installation I receive this error:
Error 1330. A file that is required cannot be installed because the cabinet file ..\..\data1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24592 was returned by WinVerifyTrust.

The same installer does work on Windows 2012.

Has this for sure to do with the SHA-256 certificate and the fact that this not supported on Windows 2008 SP2?
Is there a workaround possible?

MrTree
03-21-2016, 09:02 AM
Hi,

you can use Sign Output Files: "Setup.exe" instead of "Setup.exe and Windows Installer Package" so you will not have issues with XP machines an cab-files.

K0NFUZIUS
04-05-2016, 03:31 AM
Hi Christoph,

currently Microsoft doesn't support Windows Vista and Windows Server 2008 for SHA256
You have to upgrade to Windows Server R2 (not SP2) which has a full support.


Cheers Joerg