UAC 修补和数字签名
我们有一个执行自动更新的应用程序。直到最近,我们还没有遇到任何问题。然而,我们的许多客户最终升级到 Windows 7 并遇到了各种各样的问题。
我的任务是更新安装程序,使其能够在 7 上运行(以及 Vista,尽管我们的客户似乎都没有使用 Vista)。
根据这篇文章,似乎标准用户可以应用 msp 补丁,前提是它的签名与原始安装的签名相同。
有人有这方面的经验吗?签名是否必须经过第三方验证?我问,因为我遵循了这个流程 并创建了我的开发签名,当我安装在单独的 Windows 7 机器上时,它显示未知发布者并要求管理员登录。我认为这是因为它是自签名的。但是,在我们花钱从 Thawte 或 Verisign 获得第 3 方证书之前,我想进行验证。
We have an application that performs auto-updates. Until recently, we haven't run into any issues. However, a lot of our customers are finally upgrading to Windows 7 and running into all sorts of issues.
I've been tasked with updating the installer so it works on 7 (and Vista, although it appears none of our customers use Vista).
Based on this article, it appears that a standard user can apply a msp patch, provided it's signed with the same signature as the original install.
Does anyone have experience with this? Does the signature have to be 3rd party verified? I ask, because I followed this process and created my signatures for development, and when I installed on a separate Windows 7 box, it showed an Unknown Publisher and required the Admin to log in. I assumed it was because it was self-signed. However, I want to verify before we spend the money to get a 3rd party cert from Thawte or Verisign.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我想我已经解决了我自己的问题。
我将在测试盒上创建的证书手动导入到我的 W7 测试盒中。
一旦我这样做了,补丁就可以运行而无需管理员密码。
显然,我只能手动在测试盒上进行导入,因此我需要从 Thawte 或 Verisign 获得第 3 方证书。
I think I've solved my own problem.
I took the certificates I created on my test box, and manually imported them into my W7 test box.
Once I did this, the patch was able to run without requiring admin password.
Obviously, I can only manually do my importing on test boxes, so I will need to get a 3rd party cert from Thawte or Verisign.