Page 1 of 1

Unable to build a trusted package

Posted: Sun Jan 13, 2019 1:10 am
by 166506
Product, version and build: Powershell Studio 2017 version 5.4.145
Operating system: Windows 10 Ent. 1803 64x

I am unable to build a "trusted" package for Windows 10. I use a wildcard cert to sign the package, the cert has been installed locally on the machine where I build the package.
Running the package on a different Windows 10 machine results in an error that the application is not trusted and the only option that you have is "don't run this application"
Any ideas what goes wrong?
Image
Image

Build looks ok:
Image

Re: Unable to build a trusted package

Posted: Sun Jan 13, 2019 1:51 am
by Alexander Riedel
Your digital signature is not trusted on that other machine. Simple as that.
Don't know where your certificate came from, but if the issuing authority is not trusted on the executing machine it is a no go.
You can right click on your executable on the other machine and examine the signature verification path in the file's properties to see what is not trusted.
It can be that the root authority is not one that is trusted by default in Windows and needs to be installed.
It can also be that your signature was only meant for local use and is not a general code signing signature, we would not know.
At any rate, that is not a PowerShell Studio issue. I recommend reading up on how digital signatures work.
This might help to figure out what's wrong.
https://www.sslsupportdesk.com/how-to-v ... n-windows/

Re: Unable to build a trusted package

Posted: Sun Jan 13, 2019 2:49 am
by 166506
Thanks ALexander for your quick reply.
It make sense, but I am using a AlphaSSL Wildcard Certificate it has a GlobalSign Root CA.

Can you advice me a type of cert issuing authority is trusted on all (most) windows 10 machines? We are building a app which our customers can download but than the tool just has to work on the client machine.
Any advice is welcome!

Re: Unable to build a trusted package

Posted: Sun Jan 13, 2019 3:25 am
by Alexander Riedel
I am not sure what certificate you have there, but it sounds like you are using a website certificate.
What you need is a code signing certificate. There is a very important distinction between code signing certificates and simple TLS/SSL certificates.

We can not recommend or endorse any one vendor, but this is an example of what you would need:
https://trustcenter.websecurity.symante ... _cs_ma_buy

Re: Unable to build a trusted package

Posted: Sun Jan 13, 2019 4:59 am
by 166506
Great support, thanks Alexander for pointing me in the right direction!