silent installation and fedict certificate
308 views
Skip to first unread message
Cyr Bol
Apr 27, 2018, 4:11:02 AM4/27/18
to eID Middleware Dev
Hi,
Where do I find the certificate mentionned in the second way of performing a silent installation in https://eid.belgium.be/en/faq/how-can-i-perform-silent-installation-eid-software-and-eid-viewer#7495 ?
The document says "Retrieve our certificate from the signed .msi installer." but doesn't specify which .msi installer. And, I have uncrompressed both the 32bits and 64bits .msi files (beidmw_32_4.2.8.msi and beidmw_64_4.2.8.msi), and the quick installer .exe file (belgium_eid-quickinstaller_4.3.2.3551.exe), and couldn't find any certificates in them.
Best regards,
Cyrille
Where do I find the certificate mentionned in the second way of performing a silent installation in https://eid.belgium.be/en/faq/how-can-i-perform-silent-installation-eid-software-and-eid-viewer#7495 ?
The document says "Retrieve our certificate from the signed .msi installer." but doesn't specify which .msi installer. And, I have uncrompressed both the 32bits and 64bits .msi files (beidmw_32_4.2.8.msi and beidmw_64_4.2.8.msi), and the quick installer .exe file (belgium_eid-quickinstaller_4.3.2.3551.exe), and couldn't find any certificates in them.
Best regards,
Cyrille
Via the manual installers
- Run the .msi installers with the /quiet parameter.
- Retrieve our certificate from the signed .msi installer.
- Add our certificate to the trusted publisher store.
- Install the eID minidriver from the INF file.
You can easily perform this last step with the following commands:
start /wait msiexec /i "beidmw_64_4.2.8.msi" /quiet /norestart
certutil -addstore TrustedPublisher fedict_codesigning.cer
PnPutil.exe /a beidmdrv.in
You can find the .msi installers and the eID minidriver installer there.
Frederik Vernelen
Apr 27, 2018, 4:17:41 AM4/27/18
to Cyr Bol, eID Middleware Dev
Hello Cyrille,
All our .msi installers are signed with the same certificate, so any one of them will do.
When you check the digital signature in Windows, there is also an option to save the certificates used to create the signature..
In detail:
Just right click on the .msi -> properties -> digital signatures -> details -> show certificate -> details -> copy to file
Wkr,
Frederik
--
You received this message because you are subscribed to the Google Groups "eID Middleware Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to eid-middleware-dev+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
David Leemans
May 25, 2018, 7:06:23 AM5/25/18
to eID Middleware Dev
Frederik,
The current certificate is only valid until Nov 2018. Any chance of supplying a newer certifcate ?
Thx,
David
Frederik Vernelen
May 25, 2018, 7:06:52 AM5/25/18
to eID Middleware Dev
Hello David,
Thank you for your concern.
All our signed software also contain a timestamped and AN OCSP check, so that software that verifies the signature can check when the signature was created,
and that the certificate that was used was not revoked at that time. So the current signed installers will remain valid after November 2018.
We can of course no longer sign with the current certificate after its expiration date.
Wkr,
Frederik
To unsubscribe from this group and stop receiving emails from it, send an email to eid-middleware-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
David Leemans
May 25, 2018, 8:38:11 AM5/25/18
to eID Middleware Dev
Hello Frederik,
I suppose by then (Nov) you will have a new certiticate. I am in charge of deploying software to our users, and noticed that the latest release of eid-viewer (4.4.3) still came with a certificate close to it's expiration date.
David
To unsubscribe from this group and stop receiving emails from it, send an email to eid-middleware-dev+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages