Change code-signing certificate and click-twice installer version-info.xml

Add-in Express™ Support Service
That's what is more important than anything else

Change code-signing certificate and click-twice installer version-info.xml
 
Subscribe
Jeroen Diederix




Posts: 10
Joined: 2015-08-19
Hi,


We changed our code-signing certificate, since it was expired. We use this certificate for signing when publishing with the MSI-base web deployment. We also use the option to sign the version_info.xml file.

However, the installed plugins, signed with the old certificate do not "want" to install a version with the new certificate. It does read the new version_info.xml, but then the installation wont start without a clear error (it never starts downloading the MSI). When I do not sign the version_info.xml it complains that it is not properly signed.

When I try to install an old setup.exe (ol certificate) with the new version_info.xml (new certificate) I get an error: "Security error: The loader manifest is not trusted. Task name: ParseXML."

Also (as an experiment) when I try to install with a setup.exe signed with the new certificate and the version_info.xml with the old one I get the same error .


When both the installed plugin and the version_info.xml use the same certificate (both new and old) it all works fine.


So my question is: What is the procedure for changing the sigining certificate, should that just work or am I missing something?


Thank for the help!

Jeroen.
Posted 01 Sep, 2017 10:22:43 Top
Sergey Grischenko


Add-in Express team


Posts: 7187
Joined: 2004-07-05
Hi Jeroen,

Do you see the downloader window with the progress bar when you install a new version using LaunchUpdate method?
Posted 01 Sep, 2017 11:56:28 Top
Jeroen Diederix




Posts: 10
Joined: 2015-08-19
Hi Sergey,

No I do not see the downloader window when I install a new version (with new certificate) using the LaunchUpdate method.
Posted 04 Sep, 2017 02:43:48 Top
Sergey Grischenko


Add-in Express team


Posts: 7187
Joined: 2004-07-05
Hi Jeroen,

Does the CheckForMSIUpdates method return a new update Url? Please check it in the add-in code. Probably you get any exceptions.
Posted 04 Sep, 2017 04:07:39 Top
Jeroen Diederix




Posts: 10
Joined: 2015-08-19
Hi Sergey,

Yes it does, but then the LaunchMSIUpdate function throws this exception:



System.Security.Cryptography.CryptographicException: Verification failed: Can't find the key info in the 'version_info.xml' file.
   at AddinExpress.Projects.Common.Utilities.ReadVersionInfo(String appDir, XmlDocument versionInfoDoc, String downloaderFilePath)
   at AddinExpress.Projects.Common.Utilities.ReadVersionInfo(Object module, XmlDocument versionInfoDoc, String downloaderFilePath)
   at AddinExpress.Projects.Common.Utilities.LaunchUpdates(Object module, String updateUrl, String tempFolder, IWebProxy proxy, String appDir, String commandLine)
   at AddinExpress.MSO.ADXAddinModule.LaunchMSIUpdates(String url)
Posted 04 Sep, 2017 05:12:20 Top
Sergey Grischenko


Add-in Express team


Posts: 7187
Joined: 2004-07-05
Hi Jeroen,

Now I reproduced the issue. Thank you for the bug report. The issue is not related to the new certificate.
The new version of Add-in Express includes X.509 certificate data instead of RSA public key when signing 'version_info.xml'. Please use the directly link for download and install the latest version of your add-in to avoid this issue. Or just wait until we fix it in the next build of Add-in Express.
Posted 04 Sep, 2017 05:55:01 Top
Jeroen Diederix




Posts: 10
Joined: 2015-08-19
Hi Sergey,

Aha, good to know it was not the certificate change.

Can you give any indication when a fix will be released?

Thanks,
Jeroen.
Posted 04 Sep, 2017 07:56:16 Top
Andrei Smolin


Add-in Express team


Posts: 14137
Joined: 2006-05-11
Hello Jeroen,

We are going to publish a new build tomorrow or the day after tomorrow.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 04 Sep, 2017 09:58:44 Top
Andrei Smolin


Add-in Express team


Posts: 14137
Joined: 2006-05-11
I'll send a note when the build is published.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 04 Sep, 2017 10:01:24 Top
Andrei Smolin


Add-in Express team


Posts: 14137
Joined: 2006-05-11
Hello Jeroen,

We've published the build; please see https://www.add-in-express.com/downloads/adxnet.php.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 07 Sep, 2017 09:37:45 Top