![]() The signtool documentation for /tr states: The Windows SDK signtool command supports two options (to the sign and timestamp sub-commands) to generate the two different timestamp types: However, the timestamp was also made in July 2014, after this question was posted. The ReportViewer MSI file that is currently available has a V2 timestamp. Of course, the version numbers might just correlate with the results - there is possibly another aspect to the timestamp that causes it to be ignored. Timestamps with version V2 result in the "not available" status. I have not found any documentation that states this explicitly, but through testing it seems that Windows XP (SP3, with all updates installed) only supports timestamps with version V1. Proprietary: results in V1 in the Version field (PKCS#7 version?) of the countersignature properties.It seems that there are two timestamp countersignature types that can be used for Windows code signing (Authenticode): Is there an update to download or a step that can be taken by "normal" users which will allow the timestamp/countersignature to be recognized in XP/Vista? "Normal" users here means someone who is not very computer-literate I am not referring to administrator rights. However before doing this I would like to know if I have missed something obvious. I may eventually resort to disabling signature verification and using hash-based verification of the payload. I do not know if this is the cause of the problem or normal. The only thing I can see is the "2011" version of this certificate is also in the "Third-Party Root Certification Authorities" store, while the 2010 is not. This root certificate appears to be installed in the XP machine. I have followed the certificate chain on the countersignature and it ends at "Microsoft Root Certificate Authority 2010". If this is indeed the solution, please tell me which one I need. I have installed a number of different versions of the "Update for Root Certificates" to no avail, including the latest. Hitting Details shows me the countersignature, verification works, and installation proceeds correctly. However, if I download the same file to a Windows 7 machine, the timestamp is present. The file itself is signed by an expired certificate, so naturally verification fails without this timestamp. ![]() ![]() Hitting Details also tells me the signing time is "Not available". ![]() The signature is there, but the timestamp reports "Not available". So I manually download the redistributable package onto the Windows XP machine and examine its signature. It's possible there are parts that do not work on XP/Vista but for my intents and purposes it installs and runs quite well despite their claims.Įxamining the installation log file explains the digital signature verification failed. Normally I would accept this, but a)I think this has recently changed, and b)downloading and manually installing this redistributable works. Now, checking the download page for the ReportViewer redistributable, I do notice it says it requires Vista SP2 or higher. When run on a Windows 7 or later machine, it works fine. I have a WiX/Burn installation bundle which, among other things, installs the ReportViewer 2012 Runtime. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |