jaklug
Posts: 11
Joined: 2018-08-28
|
We are using a ClickTwice deployment. We had to change our certificate. Originally we used a "normal" cert stored in the Windows Cert Store. The new certificate is an EV cert, stored in the Azure Key Store. You assisted us with how to set this up. Here my original post:
https://www.add-in-express.com/forum/read.php?FID=5&TID=16331
I followed the steps at this post:
https://www.add-in-express.com/forum/read.php?FID=5&TID=16307&MID=84617#message84617
If I put the installer files on our download site, I can successfully install the add-in by downloading the installer exe and running it from my computer (not using the update feature). However, when I attempt to update the add, I get this error immediately:
------------------------------
Detailed technical information follows:
---
(Inner Exception)
Date and Time: 5/19/2022 7:53:43 AM
Machine Name: JKLUG1
IP Address: fe80::b12b:db85:7e03:8492%22
Current User: AzureAD\JoeKlug
Application Domain: C:\Users\JoeKlug\AppData\Local\Neudesic, LLC\NetSuite SRP Add-in for Microsoft Project\
Assembly Codebase: file:///C:/Users/JoeKlug/AppData/Local/Neudesic, LLC/NetSuite SRP Add-in for Microsoft Project/AddinExpress.MSO.2005.DLL
Assembly Full Name: AddinExpress.MSO.2005, Version=9.4.4644.0, Culture=neutral, PublicKeyToken=4416dd98f0861965
Assembly Version: 9.4.4644.0
Exception Source: AddinExpress.MSO.2005
Exception Type: System.Security.Cryptography.CryptographicException
Exception Message: Verification failed: The 'version_info.xml' file and the downloader were signed with different certificates.
Exception Target Site: ReadVersionInfo
---- Stack Trace ----
AddinExpress.Projects.Common.Utilities.ReadVersionInfo(appDir As String, versionInfoDoc As XmlDocument, downloaderFilePath As String)
AddinExpress.MSO.2005.DLL: N 0297 (0x129) IL
AddinExpress.Projects.Common.Utilities.LaunchUpdates(module As Object, updateUrl As String, tempFolder As String, proxy As IWebProxy, appDir As String, commandLine As String, hideDownloaderWindow As Boolean, msiUILevel As Int32, runAsAdministrator As Boolean)
AddinExpress.MSO.2005.DLL: N 0642 (0x282) IL
AddinExpress.MSO.ADXAddinModule.LaunchMSIUpdates(url As String)
AddinExpress.MSO.2005.DLL: N 0027 (0x1B) IL
Peregrine.Microsoft.Project.Addin.AddinModule.btnUpdate_OnClick(sender As Object, control As IRibbonControl, pressed As Boolean)
AddinExpress.MSO.2005.DLL: N 0096 (0x60) IL
AddinExpress.MSO.ADXRibbonButton.DoInternalAction(e As ADXRibbonOnActionEventArgs)
AddinExpress.MSO.2005.DLL: N 0035 (0x23) IL
------------------------------
Per our previous post, I am using the AzureSignTool to sign adxloader, adxloader64 and the add-ins assembly as pre-build events in the setup project. Then I run adxpublisher with a test certificate. Finally I use AzureSignTool to sign my downloader exe an msi. Notice I didn't sign (or resign) the version_info.xml file. I added some code to sign this with the same EV cert, but still get this error.
Any suggestions?
Thank you,
Joe |
|
Andrei Smolin
Add-in Express team
Posts: 18827
Joined: 2006-05-11
|
Hello Joe,
Our guys said, you should delete the signature in version_info.xml. Please let me know if this works for you.
Regards from Poland (CEST),
Andrei Smolin
Add-in Express Team Leader |
|
jaklug
Posts: 11
Joined: 2018-08-28
|
After removing the signature in the xml file, I now get this error:
Security error: The security key doesn't match the signature of 'version_info.xml'. Task name: ParseXML.
Seems like the signature is checked on download?
Joe |
|
jaklug
Posts: 11
Joined: 2018-08-28
|
Any update on this? You've been promising support for EV certificates in various posts for a few years now. As more and more companies are moving to then you really should add support.
Joe |
|
Andrei Smolin
Add-in Express team
Posts: 18827
Joined: 2006-05-11
|
Hello Joe,
Alas, it is now clear that there will be no support for EV certificates.
Later today I'll test your scenario and suggest a way out.
Regards from Poland (CEST),
Andrei Smolin
Add-in Express Team Leader |
|
jaklug
Posts: 11
Joined: 2018-08-28
|
Can you send me a private email? I have a few questions about the source code.
Joe |
|
Andrei Smolin
Add-in Express team
Posts: 18827
Joined: 2006-05-11
|
Hello Joe,
My tests show that you should publish one more version signed with the old certificate; you should publish it with a different Installation URL. Then you prepare the new version - you do not sign version_info.xml in this case - and make it available through that URL.
Regards from Poland (CEST),
Andrei Smolin
Add-in Express Team Leader |
|