Thursday, 19 June 2014

code signing with 'Deutsche Telekom Root CA 2' root certificate

I used to sign my applications (several GMD tools, GoBioSpace Search Application) with a certificate which was trusted up the chain by the MPG,  the DFN and the Deutsche Telekom.

This certificate was issued 24.04.2012 and was working fine until recently. Out of blue several users reported that they could not install any more application I signed. It turned out that something changed in the certificate store of windows and you need to except the root certificate for code signing.
This post will guide you through.

Normally, after clicking to install the application from the internet explorer you will see on the bottom of the page a dialog like this, asking for permission to run the installer.

 Now you will experience something similar to this error message 'The signature of setup.exe is corrupt or invalid.'
 or, if you click to see the details
To solve this, press the Windows Key + R and type "mmc" and click OK.
you will see the Microsoft Management Console
click File and "Add/Remove snap-In" to add the certificate Plug-In
activate "my user accout" and click finish
you will see the certificate plug-in on the right. now click OK.
 In the left panel activate Trusted Root Certification Authorities and then Certificates. Search for the 'Deutsche Telekom Root CA 2' certificate in the right hand panel. Right click this certificate and select properties. Activate the the purpose 'code signing' as shown below and press OK.
Problem solved. If you retry to install some application my certificate will be accepted for code signing and, hence, the software will get installed.

No comments:

Post a comment