Electron-builder: Regression: Codesign Error (Windows) when using certificate store v19.33.0

Created on 3 Oct 2017  路  2Comments  路  Source: electron-userland/electron-builder


  • Version: v19.33.0

  • Target: Win64



I've been using Win10 certificate store, with standard cert (i.e. Non EV) with following options:

{
"win": {
      "target": [
        "nsis"
      ],
      "certificateSubjectName": "My Company"
    }
}

and assuming I had my cert in the correct store, elec-builder would find it ok.

However, your new (v19.33.0) feature should auto find the cert, which is great! However, it couldn't find my (previously) working cert. A bit of debugging found that windowsCodeSign.ts#L99 is comparing ISSUER Name to Subject name, i.e.

if (!certInfo.IssuerName.Name.includes(certificateSubjectName))

where I think it should be

if (!certInfo.Subject.includes(certificateSubjectName))

Logging the certInfo object shows that IssuerName only contains IssuerName: { Name: 'CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB' .... This may be your intent or due to it being a standard cert and not EV (I don't have an EV to test).

So in summary, v19.33.0 I get codesign error. With my above suggested change it now works.

Also note, if I don't specify certificateSubjectName and use certificateSha1 with correct sha1 string it works with v19.33.0.

bug windows
Source
picture dharders
👍1

Most helpful comment

@sylhero I used certificateSha1 directly as a workaround. You can find your cert sha1 by opening powershell and executing the following:

Get-ChildItem -path cert:\LocalMachine\My

Alternatively you can open 'Manage computer certificates' in Control Panel. You should find your cert under the Personal->Certificates (or Current User / Local Machine) depending on how you imported your cert into the store. Double click on your cert, then click the details tab at the top and scroll down to the bottom and the Thumbprint is your sha1.

Use that as your certificateSha1 string, without the spaces. (I used uppercase, haven't tested lowercase).

I much prefer just the certificateSubjectName way 馃槃

picture dharders on 4 Oct 2017
🎉1 👍1

All 2 comments

we encountered this issue too. @dharders did u roll back to previous version or you use certificateSha1 directly?

sylhero picture sylhero on 4 Oct 2017

@sylhero I used certificateSha1 directly as a workaround. You can find your cert sha1 by opening powershell and executing the following:

Get-ChildItem -path cert:\LocalMachine\My

Alternatively you can open 'Manage computer certificates' in Control Panel. You should find your cert under the Personal->Certificates (or Current User / Local Machine) depending on how you imported your cert into the store. Double click on your cert, then click the details tab at the top and scroll down to the bottom and the Thumbprint is your sha1.

Use that as your certificateSha1 string, without the spaces. (I used uppercase, haven't tested lowercase).

I much prefer just the certificateSubjectName way 馃槃

dharders picture dharders on 4 Oct 2017
🎉1 👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

noahprince22 picture noahprince22  路  3Comments
NPellet picture NPellet  路  3Comments
Jashepp picture Jashepp  路  3Comments
lbssousa picture lbssousa  路  3Comments
antonycourtney picture antonycourtney  路  3Comments