Louverril
asked on
Access 2007 package and sign query
I want to create a msi install package which will create a signed accdr application.
But I can't seem to do this. I create an accde file and then it seems I can EITHER create a signed accde deployment file (using Publish from office button) and have none of teh shortcuts etc created automatically OR an msi package (from developer exensions) that installs an accdr (unsigned and untrusted - so the user gets a message every time)
Really confused.
All the help in the MS website seems to inicate that you can create a trusted/signed accdr install package.
But how?
Help please!
Lou
But I can't seem to do this. I create an accde file and then it seems I can EITHER create a signed accde deployment file (using Publish from office button) and have none of teh shortcuts etc created automatically OR an msi package (from developer exensions) that installs an accdr (unsigned and untrusted - so the user gets a message every time)
Really confused.
All the help in the MS website seems to inicate that you can create a trusted/signed accdr install package.
But how?
Help please!
Lou
ASKER
At the moment Iive created a self signed certificate - and everything is being done n the PC it was created on.
I just want to see if what I'm doing is possible. I didn't thik it was a certificate problem nore the way I'm doing it (becuase the cretion of athe accdc on it's own works OK).
Lou
I just want to see if what I'm doing is possible. I didn't thik it was a certificate problem nore the way I'm doing it (becuase the cretion of athe accdc on it's own works OK).
Lou
Are you getting to the dialog where you can assign a certificate? If not, check to see if your cert is installed and available - in the VB Editor, click Tools - Digital Signature and see if your cert is available.
FWIW - you can build an installation package with 2007, but I'm under the impression that you must have a digital certificate issued by a root authority in order to "sign" the package.
Have you considered just building the deployment yourself with one of the free installers out there (like Inno Setup, which does a very nice job)? You can sign your VBA code with your digital certificate, then sign your install package with the same cert ... this provides a secure package that can be downloaded. The installer provided with 07 is better than that which was shipped with 03, but it still pales in comparison to a dedicated installer. The only positive thing about the PDW is that it will pickup your Access references (which a commerical installer will not do) ... but even then, it sometimes doesn't do a good job with this (older versions actually attempted to install portions of ADO, which is NOT the correct way to distribute MDAC - according to MS). If you want a professional deployment package, IMO skip the builtin stuff and take the time to learn one of the commercial installers ...
FWIW - you can build an installation package with 2007, but I'm under the impression that you must have a digital certificate issued by a root authority in order to "sign" the package.
Have you considered just building the deployment yourself with one of the free installers out there (like Inno Setup, which does a very nice job)? You can sign your VBA code with your digital certificate, then sign your install package with the same cert ... this provides a secure package that can be downloaded. The installer provided with 07 is better than that which was shipped with 03, but it still pales in comparison to a dedicated installer. The only positive thing about the PDW is that it will pickup your Access references (which a commerical installer will not do) ... but even then, it sometimes doesn't do a good job with this (older versions actually attempted to install portions of ADO, which is NOT the correct way to distribute MDAC - according to MS). If you want a professional deployment package, IMO skip the builtin stuff and take the time to learn one of the commercial installers ...
ASKER
Thanks LSM,
The only way to sign the accde database seems to be by opening the database, and selecting "package and sign" which creates a accdc file - you can't do it from the tools menu . You cannot then select this accdc file if you want to then create an msi file under the "package Solution" option. And also this does not make sense to do as the accdc file is a deployment file.
I am going to try signing the accdb version via the tools menu, and see if this helps (just realised you can do this). Then try the developer extensions Package Solution again after recreating the accde version from the signed accdb.
But I am interested in what you say about the commercial installers. You recommended inno setup?
However you say they don't handle the access references - so what would I do about that? I'm new to all this but I want to learn.
Just to clarify (it might help) what I am trying to do is the following:
Create a signed runtime version (I will buy a verisign certificate when I know what I'm doing! Can't really afford it just for testing.)
Create an install package that will allow the application to run on machines without access installed.
NB: Database and data are split so need to have two install packages.
Thanks Lou.
The only way to sign the accde database seems to be by opening the database, and selecting "package and sign" which creates a accdc file - you can't do it from the tools menu . You cannot then select this accdc file if you want to then create an msi file under the "package Solution" option. And also this does not make sense to do as the accdc file is a deployment file.
I am going to try signing the accdb version via the tools menu, and see if this helps (just realised you can do this). Then try the developer extensions Package Solution again after recreating the accde version from the signed accdb.
But I am interested in what you say about the commercial installers. You recommended inno setup?
However you say they don't handle the access references - so what would I do about that? I'm new to all this but I want to learn.
Just to clarify (it might help) what I am trying to do is the following:
Create a signed runtime version (I will buy a verisign certificate when I know what I'm doing! Can't really afford it just for testing.)
Create an install package that will allow the application to run on machines without access installed.
NB: Database and data are split so need to have two install packages.
Thanks Lou.
ASKER
LSm - tried to sign the accdb version -
There does not seem to be anyway to sign a database in access 2007 without also creating s accdc version. If you try to use the VBA Tools method you get a message saying you have to use the package and sign.
Once again - going round in a circle.
Lou
There does not seem to be anyway to sign a database in access 2007 without also creating s accdc version. If you try to use the VBA Tools method you get a message saying you have to use the package and sign.
Once again - going round in a circle.
Lou
ASKER
PS:
If you then use the signed accdc to deploy a accdeor accdb file the accde/b file is not signed - enven thought te accdc version allowed me to chose the self certification and stored it in the accdc file.
If you then use the signed accdc to deploy a accdeor accdb file the accde/b file is not signed - enven thought te accdc version allowed me to chose the self certification and stored it in the accdc file.
I believe when you chose the cert, you were actually signing the install package, not the database. To sign the VBA code, you must do this from within Access (the VB Editor window specifically).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
LSMConsulting;
Thanks and sorry if I've been unclear. I had already carefully read the link you give.
OK I've looked again at the accdc publish option and i have managed to get that to work with a self cert on my own pc. i thought that it was not working before but it must have been due to not setting the trusted locations properly or maybe I needed to reboot. Anyway I'm not getting any wanings.
BUT the accdc option I don't now think helps me do what I need. What I want I want to do is:
I want to create an Access install package from an accde database that will run without security warnings on any PC whether or not it has access installed i.e. create an accdr. I would like to use the access Package Solution option to create the msi - if possilbe. see http://msdn2.microsoft.com/en-gb/library/bb501030.aspx
Trusted locations warnings:
I have to edit the registry to stop these warnings appearing - OK - see https://www.experts-exchange.com/questions/23098718/Access-2007-runtime-instaled-from-package-solution-wizard-trusted-locations.html think I can have a go at that.
Digital Certificates:
QUERY: How do I add a digital certifiate to the install package.Ref above I can't see any way of adding a certificate to the access package solution option??? see previous link. OR DO I NOT NEED ONE(no warning appears on my own PC when I run the instal package even though I've signed nothing) ??
nb: I have had no success signing a accdb/e database using the Package and sign accdc method with a self cert. The code remains unsigned - and YOU CANNOT SIGN IT VIA THE VBA WINDOW.
Basc question now is how when I run the msi produced by the Access package solution option can I have a valid certificate appear? Or do I not need one - confused!
Lou
Thanks and sorry if I've been unclear. I had already carefully read the link you give.
OK I've looked again at the accdc publish option and i have managed to get that to work with a self cert on my own pc. i thought that it was not working before but it must have been due to not setting the trusted locations properly or maybe I needed to reboot. Anyway I'm not getting any wanings.
BUT the accdc option I don't now think helps me do what I need. What I want I want to do is:
I want to create an Access install package from an accde database that will run without security warnings on any PC whether or not it has access installed i.e. create an accdr. I would like to use the access Package Solution option to create the msi - if possilbe. see http://msdn2.microsoft.com/en-gb/library/bb501030.aspx
Trusted locations warnings:
I have to edit the registry to stop these warnings appearing - OK - see https://www.experts-exchange.com/questions/23098718/Access-2007-runtime-instaled-from-package-solution-wizard-trusted-locations.html think I can have a go at that.
Digital Certificates:
QUERY: How do I add a digital certifiate to the install package.Ref above I can't see any way of adding a certificate to the access package solution option??? see previous link. OR DO I NOT NEED ONE(no warning appears on my own PC when I run the instal package even though I've signed nothing) ??
nb: I have had no success signing a accdb/e database using the Package and sign accdc method with a self cert. The code remains unsigned - and YOU CANNOT SIGN IT VIA THE VBA WINDOW.
Basc question now is how when I run the msi produced by the Access package solution option can I have a valid certificate appear? Or do I not need one - confused!
Lou
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also: If you'd like to package your database and send it to me (as you would an end user) I'll be glad to try to extract and run it on my vmWare Vista instance - this one has Office 2007 installed, so can't test with the runtime.
ASKER
LSM
Thanks for this, I'm glad you got the same result as I did using the package solution option and package and sign. It seems strange the package solution doesn't ask for a certificate.
In summary what you are saying is if I want to attach a certificate I need to use something like Wise installer or the inno setup you mentioned?
I find it strange we don't need a digital certificate with access package solution though- I wonder if i could get away without buying one??If people don't get a message saying it's not digitally signed be careful would they even notice? They cost around £400 here (from verisign).
Thanks for the offer to test thats very good of you but the database is top secret at the moment!!
Yes I think you can use the Access package solution to do the registry entries haven't tried it yet but it looks like you can.
Lou
Thanks for this, I'm glad you got the same result as I did using the package solution option and package and sign. It seems strange the package solution doesn't ask for a certificate.
In summary what you are saying is if I want to attach a certificate I need to use something like Wise installer or the inno setup you mentioned?
I find it strange we don't need a digital certificate with access package solution though- I wonder if i could get away without buying one??If people don't get a message saying it's not digitally signed be careful would they even notice? They cost around £400 here (from verisign).
Thanks for the offer to test thats very good of you but the database is top secret at the moment!!
Yes I think you can use the Access package solution to do the registry entries haven't tried it yet but it looks like you can.
Lou
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you get the prompt to choose your Certificate when creating your package?