I'm trying to sign a Silverlight 4 OOB application (XAP file).
I use the following command:"C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool.exe" sign /v /f path\to\FILENAME.pfx /p PWD path\to\FILENAME.xap
and I get the response:
The following certificate was selected:
Issued to: COMPANY NAME
Issued by: Thawte Code Signing CA
Expires: Wed Dec 01 00:59:59 2010
SHA1 hash: AE57AF01180BF995C7C5B01E235F296CCF611111
Done Adding Additional Store
Successfully signed: FILENAME.xap
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
But the XAP file is not signed.
If I view properties in explorer there are no 'Digital Signatures' listed. And if I try and install it I get the unverified dialog. If I use exactly the same command but for a dll file, the signing works fine and I can see the digital signature applied to the file.What could be the cause of this?
Do I need a different version ofsigntool.exe
?
If it matters, the PFX was originally exported from an XP machine and I'm trying to run this on a Win7 machine (for dev) and a Win2008 server (build machine) and get the same behaviour on both.
Edit:
If I verify the certificate of the signed DLL I get the following:SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not开发者_如何转开发 trusted by the trust provider.
So it looks like I need to install some root certificates.
However, I'm not sure that explains why the XAP file doesn't report any certificate being added.
Have you tried signing the application via the Signing tab in the Silverlight project's Project Properties? If your project properties are like mine, there might actually be two signing tabs in there (one is for strong naming the assembly) - the one you want will probably be the second one. Here's a link explaining the steps to sign the XAP: http://blogs.infosupport.com/blogs/alexb/archive/2010/05/10/silverlight-4-digitally-signing-a-xap.aspx. See if that helps solve the problem.
Also remember that simply signing the XAP isn't enough - you have to import the certificate into the Trusted Root store (which it doesn't look like you're doing). Click on the More Details... button in the Signing tab. It will probably state that this CA Root certificate is not trusted. Do the following:
- Click the Install Certificate button on this dialog
- Select the Place all certificates button in the following store option, and click the Browse... button
- Select the Trusted Root Certification Authorities item in the tree
- Press OK.
Another dialog should appear stating that it has been installed. Now recompile your app and it should work fine.
Hope this helps...
Chris
精彩评论