electron-userland / electron-builder

A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box
https://www.electron.build
MIT License

Auto Update throws error application is not signed by the application owner. #2096

Closed Jerczu closed 5 years ago

Jerczu commented 7 years ago

It was working before with the same certificate; now on update it throws an error that the application is not signed, but it definitely is, as Windows signtool verifies it and the PowerShell Get-AuthenticodeSignature does also.

Signtool

Index  Algorithm  Timestamp
0      sha256     RFC3161
Successfully verified

GetAuthenticodeSignature

SignerCertificate                         Status  Path
4633722851FC737FBDE6D314F6BA6D90C0734E73  Valid   Crugo Setup 1

LOG

[2017-09-19 15:17:54.442] [info] Sign verification failed, installer signed with incorrect certificate: {
  "SignerCertificate": { "FriendlyName": "", "IssuerName": { "Name": "CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US", "Oid": "System.Security.Cryptography.Oid" }, "NotAfter": "/Date(1535671200000)/", "NotBefore": "/Date(1504135200000)/", "PrivateKey": null, "PublicKey": { "Key": "System.Security.Cryptography.RSACryptoServiceProvider", "Oid": "System.Security.Cryptography.Oid", "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData", "EncodedParameters": "System.Security.Cryptography.AsnEncodedData" }, "SerialNumber": "00FD1482449A183686", "SignatureAlgorithm": { "Value": "1.2.840.113549.1.1.11", "FriendlyName": "sha256RSA" }, "Thumbprint": "4633722851FC737FBDE6D314F6BA6D90C0734E73", "Version": 3, "Issuer": "CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US", "Subject": "CN=Duplia Ltd, O=Duplia Ltd, L=Cheltenham, C=GB" },
  "TimeStamperCertificate": { "Archived": false, "Extensions": [ "System.Security.Cryptography.X509Certificates.X509Extension", "System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension", "System.Security.Cryptography.X509Certificates.X509KeyUsageExtension", "System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension", "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension", "System.Security.Cryptography.X509Certificates.X509Extension", "System.Security.Cryptography.X509Certificates.X509Extension" ], "FriendlyName": "", "IssuerName": { "Name": "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US", "Oid": "System.Security.Cryptography.Oid" }, "NotAfter": "/Date(1562697636000)/", "NotBefore": "/Date(1451520000000)/", "HasPrivateKey": false, "PrivateKey": null, "PublicKey": { "Key": "System.Security.Cryptography.RSACryptoServiceProvider", "Oid": "System.Security.Cryptography.Oid", "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData", "EncodedParameters": "System.Security.Cryptography.AsnEncodedData" }, "SerialNumber": "4EB0878FCC243536B2D8C9F7BF395577", "SubjectName": { "Name": "CN=COMODO SHA-256 Time Stamping Signer, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB", "Oid": "System.Security.Cryptography.Oid" }, "SignatureAlgorithm": { "Value": "1.2.840.113549.1.1.11", "FriendlyName": "sha256RSA" }, "Thumbprint": "36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA", "Version": 3, "Handle": 164117857296, "Issuer": "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US", "Subject": "CN=COMODO SHA-256 Time Stamping Signer, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB" },
  "Status": 0,
  "StatusMessage": "Signature verified."
}
[2017-09-19 15:17:54.469] [error] Error: Error: New version 1.1.4 is not signed by the application owner: {
  "SignerCertificate": { "FriendlyName": "", "IssuerName": { "Name": "CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US", "Oid": "System.Security.Cryptography.Oid" }, "NotAfter": "/Date(1535671200000)/", "NotBefore": "/Date(1504135200000)/", "PrivateKey": null, "PublicKey": { "Key": "System.Security.Cryptography.RSACryptoServiceProvider", "Oid": "System.Security.Cryptography.Oid", "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData", "EncodedParameters": "System.Security.Cryptography.AsnEncodedData" }, "SerialNumber": "00FD1482449A183686", "SignatureAlgorithm": { "Value": "1.2.840.113549.1.1.11", "FriendlyName": "sha256RSA" }, "Thumbprint": "4633722851FC737FBDE6D314F6BA6D90C0734E73", "Version": 3, "Issuer": "CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US", "Subject": "CN=Duplia Ltd, O=Duplia Ltd, L=Cheltenham, C=GB" },
  "TimeStamperCertificate": { "Archived": false, "Extensions": [ "System.Security.Cryptography.X509Certificates.X509Extension", "System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension", "System.Security.Cryptography.X509Certificates.X509KeyUsageExtension", "System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension", "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension", "System.Security.Cryptography.X509Certificates.X509Extension", "System.Security.Cryptography.X509Certificates.X509Extension" ], "FriendlyName": "", "IssuerName": { "Name": "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US", "Oid": "System.Security.Cryptography.Oid" }, "NotAfter": "/Date(1562697636000)/", "NotBefore": "/Date(1451520000000)/", "HasPrivateKey": false, "PrivateKey": null, "PublicKey": { "Key": "System.Security.Cryptography.RSACryptoServiceProvider", "Oid": "System.Security.Cryptography.Oid", "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData", "EncodedParameters": "System.Security.Cryptography.AsnEncodedData" }, "SerialNumber": "4EB0878FCC243536B2D8C9F7BF395577", "SubjectName": { "Name": "CN=COMODO SHA-256 Time Stamping Signer, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB", "Oid": "System.Security.Cryptography.Oid" }, "SignatureAlgorithm": { "Value": "1.2.840.113549.1.1.11", "FriendlyName": "sha256RSA" }, "Thumbprint": "36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA", "Version": 3, "Handle": 164117857296, "Issuer": "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US", "Subject": "CN=COMODO SHA-256 Time Stamping Signer, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB" },
  "Status": 0,
  "StatusMessage": "Signature verified."
}
    at C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:31681:23
    at Generator.next ()
    at Generator.tryCatcher (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:729:23)
    at PromiseSpawn._promiseFulfilled (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:9941:49)
    at Promise._settlePromise (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4138:26)
    at Promise._settlePromise0 (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4178:10)
    at Promise._settlePromises (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4257:18)
    at Promise._fulfill (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4202:18)
    at Promise._settlePromise (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4146:21)
    at Promise._settlePromise0 (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4178:10)
    at Promise._settlePromises (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4257:18)
    at Promise._fulfill (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4202:18)
    at C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4437:21
    at FSReqWrap.CB [as oncomplete] (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:12790:5)
From previous event:
    at Promise.longStackTracesCaptureStackTrace [as _captureStackTrace] (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:7917:19)
    at new PromiseSpawn (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:9887:17)
    at C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:10041:21
    at NsisUpdater.downloadUpdate (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:3362:11)
    at Function. (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:6672:46)
[2017-09-19 15:20:56.065] [info] Checking for update

Jerczu commented 7 years ago

The verbose signtool does show the whole chain of certificates as valid.

develar commented 7 years ago

Is it a codesign cert? What is the certificate common name?

Jerczu commented 7 years ago

@develar it is a codesign certificate. It's in the log: "Subject": "CN=Duplia Ltd, O=Duplia Ltd, L=Cheltenham, C=GB" - e.g. Duplia Ltd
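
An added diagnostic example (not electron-updater's code and not posted by anyone in this thread): the log reports `"Status": 0` and "Signature verified." next to "signed with incorrect certificate", so the check below separates signature validity from publisher identity. It assumes the updater matches the signer certificate's CN against a configured list of publisher names; `parseDn`, `checkPublisher` and `expectedPublishers` are hypothetical names.

```javascript
// Added example, not electron-updater's code. Assumption: an update is accepted
// only if the Authenticode status is 0 (Valid) AND the signer CN is allow-listed.

// Parse an X.500 DN string, splitting on commas outside double quotes so that
// O="GoDaddy.com, Inc." stays one component. First occurrence of a key wins.
function parseDn(dn) {
  const parts = new Map();
  let buf = "", quoted = false;
  const flush = () => {
    const i = buf.indexOf("=");
    if (i > 0) {
      const key = buf.slice(0, i).trim().toUpperCase();
      const val = buf.slice(i + 1).trim().replace(/^"(.*)"$/, "$1");
      if (!parts.has(key)) parts.set(key, val);
    }
    buf = "";
  };
  for (const ch of dn) {
    if (ch === '"') quoted = !quoted;
    if (ch === "," && !quoted) flush(); else buf += ch;
  }
  flush();
  return parts;
}

// Hypothetical helper: separates "bad signature" from "valid, wrong publisher".
function checkPublisher(sig, expectedPublishers) {
  if (sig.Status !== 0) return { ok: false, reason: "signature-invalid" };
  const cn = parseDn(sig.SignerCertificate.Subject).get("CN");
  if (!expectedPublishers.includes(cn)) return { ok: false, reason: "publisher-mismatch", cn };
  return { ok: true, reason: "match", cn };
}

// Constructed sample: only the relevant fields, values copied from the log above.
const logged = {
  Status: 0,
  StatusMessage: "Signature verified.",
  SignerCertificate: {
    Subject: "CN=Duplia Ltd, O=Duplia Ltd, L=Cheltenham, C=GB",
    Issuer: 'CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US',
  },
};

console.log(checkPublisher(logged, ["Duplia Ltd"]));
console.log(checkPublisher(logged, ["Example Publisher Ltd"])); // constructed name
console.log(parseDn(logged.SignerCertificate.Issuer).get("O"));
```

A `publisher-mismatch` result with a valid signature points at the configured publisher name rather than at the signing step.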

fryck commented 6 years ago

+1

I have exactly the same issue

arkakkar commented 6 years ago

+1. Have the same issue. Does it have an effect if the publisher name has changed on the new certificate?

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.