无法签署 XAP 文件
我正在尝试签署 Silverlight 4 OOB 应用程序(XAP 文件)。
我使用以下命令:
"C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool.exe" sign /v /f path\to\FILENAME.pfx /p PWD path\to\FILENAME.xap
并得到响应:
The following certificate was selected:
Issued to: COMPANY NAME
Issued by: Thawte Code Signing CA
Expires: Wed Dec 01 00:59:59 2010
SHA1 hash: AE57AF01180BF995C7C5B01E235F296CCF611111
Done Adding Additional Store
Successfully signed: FILENAME.xap
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
但 XAP 文件未签名。
如果我在资源管理器中查看属性,则不会列出“数字签名”。如果我尝试安装它,我会收到未经验证的对话框。
如果我使用完全相同的命令但对于 dll 文件,则签名工作正常,并且我可以看到应用于该文件的数字签名。
这可能是什么原因造成的?
我需要不同版本的 signtool.exe 吗?
如果重要的话,PFX 最初是从 XP 机器导出的,我尝试在 Win7 机器(用于开发)和 Win2008 服务器(构建机器)上运行它,并在两者上获得相同的行为。
编辑:
如果我验证签名 DLL 的证书,我会得到以下信息:
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
所以看起来我需要安装一些根证书。
但是,我不确定这可以解释为什么 XAP 文件不报告添加的任何证书。
I'm trying to sign a Silverlight 4 OOB application (XAP file).
I use the following command:
"C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool.exe" sign /v /f path\to\FILENAME.pfx /p PWD path\to\FILENAME.xap
and I get the response:
The following certificate was selected:
Issued to: COMPANY NAME
Issued by: Thawte Code Signing CA
Expires: Wed Dec 01 00:59:59 2010
SHA1 hash: AE57AF01180BF995C7C5B01E235F296CCF611111
Done Adding Additional Store
Successfully signed: FILENAME.xap
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
But the XAP file is not signed.
If I view properties in explorer there are no 'Digital Signatures' listed. And if I try and install it I get the unverified dialog.
If I use exactly the same command but for a dll file, the signing works fine and I can see the digital signature applied to the file.
What could be the cause of this?
Do I need a different version of signtool.exe?
If it matters, the PFX was originally exported from an XP machine and I'm trying to run this on a Win7 machine (for dev) and a Win2008 server (build machine) and get the same behaviour on both.
Edit:
If I verify the certificate of the signed DLL I get the following:
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
So it looks like I need to install some root certificates.
However, I'm not sure that explains why the XAP file doesn't report any certificate being added.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您是否尝试过通过 Silverlight 项目的项目属性中的“签名”选项卡对应用程序进行签名?如果您的项目属性与我的一样,那么实际上可能有两个签名选项卡(一个用于强命名程序集) - 您想要的可能是第二个。以下链接解释了签署 XAP 的步骤:http://blogs.infosupport.com/blogs/alexb/archive/2010/05/10/silverlight-4-digitally-signing-a-xap.aspx。看看这是否有助于解决问题。
还要记住,仅仅签署 XAP 是不够的 - 您必须将证书导入到受信任的根存储中(您看起来并没有这样做)。单击“签名”选项卡中的“更多详细信息...”按钮。它可能会指出此 CA 根证书不受信任。执行以下操作:
应该会出现另一个对话框,表明它已安装。现在重新编译您的应用程序,它应该可以正常工作。
希望这有帮助......
克里斯
Have you tried signing the application via the Signing tab in the Silverlight project's Project Properties? If your project properties are like mine, there might actually be two signing tabs in there (one is for strong naming the assembly) - the one you want will probably be the second one. Here's a link explaining the steps to sign the XAP: http://blogs.infosupport.com/blogs/alexb/archive/2010/05/10/silverlight-4-digitally-signing-a-xap.aspx. See if that helps solve the problem.
Also remember that simply signing the XAP isn't enough - you have to import the certificate into the Trusted Root store (which it doesn't look like you're doing). Click on the More Details... button in the Signing tab. It will probably state that this CA Root certificate is not trusted. Do the following:
Another dialog should appear stating that it has been installed. Now recompile your app and it should work fine.
Hope this helps...
Chris