> Thanks very much for the reply. The whole point of doing this, was having something like inhouse certificate. Like, I believe, you can do it on Linux, where you can try to say that you trust that certificate on your machine, and from then on the machine will not complain that it is from unknown publisher. I was wondering when we can do something like that on Linux, why it is not possible on Vista(Windows)?

>   Any suggestions.

>   Thanks again,
>   Lizz

> SP <shane.phill...@tx.rr.com> wrote:

> FYI... if you right click the MSI and select Properties, you should
> see the "Digital Signature" tab, in which you'll see the signature
> with your test cert. company name, etc. However, Windows is still
> going to warn you that it's from an Unknown Publisher when you try to
> install it due to CA validation failure.

> On May 15, 3:59 pm, SP wrote:

> > That's because your "test certificate" can't be validated by a CA.
> > You'll need to purchase a legitimate Authenticode Cert from Verisign,
> > Thawte or some such CA to get a valid Publisher notification.

> > On May 15, 2:19 pm, lizz r
> wrote:

> > > I managed to get this to work.But only thing is, looks like I am missing something here. Even after I do run all the three things. When I try to run my MSI package, it doesnt make any difference. It still says runs from unknown source.

> > > Please help.

> > > Thanks

> > > SP wrote:

> > > 1) Copy the text below into your favorite editor, save it as a batch
> > > file under c:\temp (create the dir if it doesn't exist)
> > > 2) Copy your MSI to c:\temp, rename it test.msi (or update the batch
> > > file below)
> > > 3) Open a Visual Studio command prompt (or, ensure makecert.exe, etc.
> > > is in your PATH variable)
> > > 4) CD to c:\temp
> > > 5) Run the batch file

> > > (Note: you will notice the "hello" in the commands below... when
> > > makecert.exe runs, you'll be prompted for a password for the cert...
> > > enter "hello" in the popup for all password fields. Of course, when
> > > you purchase a real PFX from Thawte / Verisign / whomever, you'll want
> > > to make the password more complex... but "hello" works fine for demo.)

> > > makecert.exe -r -sv lizzprivatekey.pvk -n "CN=Lizz R Inc."
> > > lizzpublickey.cer
> > > pvk2pfx.exe -pvk lizzprivatekey.pvk -spc lizzpublickey.cer -pfx
> > > lizzcert.pfx -po hello
> > > signtool.exe sign /f lizzcert.pfx /p hello /v "c:\temp\test.msi"

> > > On May 14, 4:04 pm, lizz r
> > > wrote:

> > > > Thanks much. I will try this. Can you please help me with creating a dummy certificate?
> > > > Any suggestions as to how to create these certificates just to see this thing works?

> > > > Thanks much,
> > > > Lizz

> > > > SP wrote:

> > > > Lizz -

> > > > Sorry... try this (I just tested it, it works... this is the
> > > > command we use in our automated builds)

> > > > signtool.exe sign /f [your cert file name].pfx /p [your cert
> > > > password] /v [your msi].msi

> > > > e.g.

> > > > signtool.exe sign /f mycert.pfx /p mypassword /v myinstaller.msi

> > > > On May 14, 12:56 pm, lizz r
> > > > wrote:

> > > > > It gives me an error saying that unable to verify this file using a catalog.

> > > > > SP wrote:

> > > > > You can sign MSIs just like you sign an EXE file:

> > > > > signtool.exe verify /a /v mypackage.msi

> > > > > See:http://msdn.microsoft.com/en-us/library/bb172338(VS.85).aspx

> > > > > For more info. (Of course, you need to purchase a code-signing /
> > > > > Authenticode cert)

> > > > > On May 8, 3:44 pm, lizz r
> > > > > wrote:

> > > > > > Hi,

> > > > > > Thanks much.

> > > > > > Can you please let me know how to apply digital signature for the MSI packages that are created?

> > > > > > Thanks,
> > > > > > Lizz