Closed Jerczu closed 5 years ago
The verbose signtool does show the whole chain of certificates as valid.
Is it codesign cert? What is certificate common name?
@develar it is a codesign certificate. It's in the log "Subject": "CN=Duplia Ltd, O=Duplia Ltd, L=Cheltenham, C=GB"
- eg Duplia Ltd
+1
I have exactly the same issue
+1. Have the same issue. Does it affect if the publisher name has changed on the new certificate.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Electron updater 2.9.3
It was working before with the same certificate now on update it throws an error that application is not signed but it definitely is as windows signtool verifies it and the powershell Get-AuthenticodeSignature does also.
Signtool
Index Algorithm Timestamp 0 sha256 RFC3161 Successfully verified
GetAuthenticodeSignature SignerCertificate Status Path 4633722851FC737FBDE6D314F6BA6D90C0734E73 Valid Crugo Setup 1
LOG [2017-09-19 15:17:54.442] [info] Sign verification failed, installer signed with incorrect certificate: { "SignerCertificate": { "FriendlyName": "", "IssuerName": { "Name": "CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US", "Oid": "System.Security.Cryptography.Oid" }, "NotAfter": "/Date(1535671200000)/", "NotBefore": "/Date(1504135200000)/", "PrivateKey": null, "PublicKey": { "Key": "System.Security.Cryptography.RSACryptoServiceProvider", "Oid": "System.Security.Cryptography.Oid", "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData", "EncodedParameters": "System.Security.Cryptography.AsnEncodedData" }, "SerialNumber": "00FD1482449A183686", "SignatureAlgorithm": { "Value": "1.2.840.113549.1.1.11", "FriendlyName": "sha256RSA" }, "Thumbprint": "4633722851FC737FBDE6D314F6BA6D90C0734E73", "Version": 3, "Issuer": "CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US", "Subject": "CN=Duplia Ltd, O=Duplia Ltd, L=Cheltenham, C=GB" }, "TimeStamperCertificate": { "Archived": false, "Extensions": [ "System.Security.Cryptography.X509Certificates.X509Extension", "System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension", "System.Security.Cryptography.X509Certificates.X509KeyUsageExtension", "System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension", "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension", "System.Security.Cryptography.X509Certificates.X509Extension", "System.Security.Cryptography.X509Certificates.X509Extension" ], "FriendlyName": "", "IssuerName": { "Name": "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US", "Oid": "System.Security.Cryptography.Oid" }, "NotAfter": "/Date(1562697636000)/", "NotBefore": "/Date(1451520000000)/", "HasPrivateKey": false, "PrivateKey": null, "PublicKey": { "Key": "System.Security.Cryptography.RSACryptoServiceProvider", "Oid": "System.Security.Cryptography.Oid", "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData", "EncodedParameters": "System.Security.Cryptography.AsnEncodedData" }, "SerialNumber": "4EB0878FCC243536B2D8C9F7BF395577", "SubjectName": { "Name": "CN=COMODO SHA-256 Time Stamping Signer, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB", "Oid": "System.Security.Cryptography.Oid" }, "SignatureAlgorithm": { "Value": "1.2.840.113549.1.1.11", "FriendlyName": "sha256RSA" }, "Thumbprint": "36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA", "Version": 3, "Handle": 164117857296, "Issuer": "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US", "Subject": "CN=COMODO SHA-256 Time Stamping Signer, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB" }, "Status": 0, "StatusMessage": "Signature verified." } [2017-09-19 15:17:54.469] [error] Error: Error: New version 1.1.4 is not signed by the application owner: { "SignerCertificate": { "FriendlyName": "", "IssuerName": { "Name": "CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US", "Oid": "System.Security.Cryptography.Oid" }, "NotAfter": "/Date(1535671200000)/", "NotBefore": "/Date(1504135200000)/", "PrivateKey": null, "PublicKey": { "Key": "System.Security.Cryptography.RSACryptoServiceProvider", "Oid": "System.Security.Cryptography.Oid", "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData", "EncodedParameters": "System.Security.Cryptography.AsnEncodedData" }, "SerialNumber": "00FD1482449A183686", "SignatureAlgorithm": { "Value": "1.2.840.113549.1.1.11", "FriendlyName": "sha256RSA" }, "Thumbprint": "4633722851FC737FBDE6D314F6BA6D90C0734E73", "Version": 3, "Issuer": "CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O=\"GoDaddy.com, Inc.\", L=Scottsdale, S=Arizona, C=US", "Subject": "CN=Duplia Ltd, O=Duplia Ltd, L=Cheltenham, C=GB" }, "TimeStamperCertificate": { "Archived": false, "Extensions": [ "System.Security.Cryptography.X509Certificates.X509Extension", "System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension", "System.Security.Cryptography.X509Certificates.X509KeyUsageExtension", "System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension", "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension", "System.Security.Cryptography.X509Certificates.X509Extension", "System.Security.Cryptography.X509Certificates.X509Extension" ], "FriendlyName": "", "IssuerName": { "Name": "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US", "Oid": "System.Security.Cryptography.Oid" }, "NotAfter": "/Date(1562697636000)/", "NotBefore": "/Date(1451520000000)/", "HasPrivateKey": false, "PrivateKey": null, "PublicKey": { "Key": "System.Security.Cryptography.RSACryptoServiceProvider", "Oid": "System.Security.Cryptography.Oid", "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData", "EncodedParameters": "System.Security.Cryptography.AsnEncodedData" }, "SerialNumber": "4EB0878FCC243536B2D8C9F7BF395577", "SubjectName": { "Name": "CN=COMODO SHA-256 Time Stamping Signer, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB", "Oid": "System.Security.Cryptography.Oid" }, "SignatureAlgorithm": { "Value": "1.2.840.113549.1.1.11", "FriendlyName": "sha256RSA" }, "Thumbprint": "36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA", "Version": 3, "Handle": 164117857296, "Issuer": "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US", "Subject": "CN=COMODO SHA-256 Time Stamping Signer, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB" }, "Status": 0, "StatusMessage": "Signature verified." } at C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:31681:23 at Generator.next ()
at Generator.tryCatcher (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:729:23)
at PromiseSpawn._promiseFulfilled (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:9941:49)
at Promise._settlePromise (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4138:26)
at Promise._settlePromise0 (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4178:10)
at Promise._settlePromises (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4257:18)
at Promise._fulfill (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4202:18)
at Promise._settlePromise (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4146:21)
at Promise._settlePromise0 (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4178:10)
at Promise._settlePromises (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4257:18)
at Promise._fulfill (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4202:18)
at C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:4437:21
at FSReqWrap.CB [as oncomplete] (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:12790:5)
From previous event:
at Promise.longStackTracesCaptureStackTrace [as _captureStackTrace] (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:7917:19)
at new PromiseSpawn (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:9887:17)
at C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:10041:21
at NsisUpdater.downloadUpdate (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:3362:11)
at Function. (C:\Users\Tagstr\AppData\Local\Programs\crugo\resources\app.asar\bundle.js:6672:46)
[2017-09-19 15:20:56.065] [info] Checking for update