Unable to build a trusted package

Support for all customers who have purchased a SAPIEN PowerShell Studio product license. This forum does not offer a response time guarantee.
Forum rules
DO NOT POST SUBSCRIPTION NUMBERS, LICENSE KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
166506
Posts: 3
Joined: Sun Nov 13, 2016 12:26 am

Unable to build a trusted package

Post by 166506 » Sun Jan 13, 2019 1:10 am

Product, version and build: Powershell Studio 2017 version 5.4.145
Operating system: Windows 10 Ent. 1803 64x

I am unable to build a "trusted" package for Windows 10. I use a wildcard cert to sign the package, the cert has been installed locally on the machine where I build the package.
Running the package on a different Windows 10 machine results in an error that the application is not trusted and the only option that you have is "don't run this application"
Any ideas what goes wrong?
Image
Image

Build looks ok:
Image

User avatar
Alexander Riedel
Posts: 6819
Joined: Tue May 29, 2007 4:43 pm

Re: Unable to build a trusted package

Post by Alexander Riedel » Sun Jan 13, 2019 1:51 am

Your digital signature is not trusted on that other machine. Simple as that.
Don't know where your certificate came from, but if the issuing authority is not trusted on the executing machine it is a no go.
You can right click on your executable on the other machine and examine the signature verification path in the file's properties to see what is not trusted.
It can be that the root authority is not one that is trusted by default in Windows and needs to be installed.
It can also be that your signature was only meant for local use and is not a general code signing signature, we would not know.
At any rate, that is not a PowerShell Studio issue. I recommend reading up on how digital signatures work.
This might help to figure out what's wrong.
https://www.sslsupportdesk.com/how-to-v ... n-windows/
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
166506
Posts: 3
Joined: Sun Nov 13, 2016 12:26 am

Re: Unable to build a trusted package

Post by 166506 » Sun Jan 13, 2019 2:49 am

Thanks ALexander for your quick reply.
It make sense, but I am using a AlphaSSL Wildcard Certificate it has a GlobalSign Root CA.

Can you advice me a type of cert issuing authority is trusted on all (most) windows 10 machines? We are building a app which our customers can download but than the tool just has to work on the client machine.
Any advice is welcome!

User avatar
Alexander Riedel
Posts: 6819
Joined: Tue May 29, 2007 4:43 pm

Re: Unable to build a trusted package

Post by Alexander Riedel » Sun Jan 13, 2019 3:25 am

I am not sure what certificate you have there, but it sounds like you are using a website certificate.
What you need is a code signing certificate. There is a very important distinction between code signing certificates and simple TLS/SSL certificates.

We can not recommend or endorse any one vendor, but this is an example of what you would need:
https://trustcenter.websecurity.symante ... _cs_ma_buy
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
166506
Posts: 3
Joined: Sun Nov 13, 2016 12:26 am

Re: Unable to build a trusted package

Post by 166506 » Sun Jan 13, 2019 4:59 am

Great support, thanks Alexander for pointing me in the right direction!