skip_sailors
asked on
Why doesn't a Run button display when an MSI is downloaded from my site?
We have an online store that delivers MSI packages over an SSL connection. IE9 clients that click on the link to download see a Run, Save, View Downloads bar at the bottom of the screen. If they select to Run, after the download, and after the security scan, the Smart Screen bar presents buttons to Delete, Actions, or View Downloads. "Delete" is the recommended action.
When I download an MSI from another site, for instance, the TortoiseSVN client from tigris.org, and I select to Run, the installer starts right up. Obviously, IE9 thinks the SVN client MSI is safer than the MSI for my product. Why? Is there anything I can do to demonstrate to IE9 that my product is trustworthy?
I know I can instruct my clients to "Run Anyway" despite IE9's warning them off, but this is not a good customer experience. What makes Tigris more trustworthy than my company?
When I download an MSI from another site, for instance, the TortoiseSVN client from tigris.org, and I select to Run, the installer starts right up. Obviously, IE9 thinks the SVN client MSI is safer than the MSI for my product. Why? Is there anything I can do to demonstrate to IE9 that my product is trustworthy?
I know I can instruct my clients to "Run Anyway" despite IE9's warning them off, but this is not a good customer experience. What makes Tigris more trustworthy than my company?
Because the TortoiseSVN is signed. If you have a local CA and sign your product, you will get the same behavior within the CA's LAN or on systems that have your local CA defined as trusted authority.
ASKER
arnold,
My MSIs are signed. I can right-click on the MSI and see the digital signature, and the timestamp from when that was done. We obtained a signing certificate September last year and it is valid till September this year.
Does this suggest that my CA is not trusted?
My MSIs are signed. I can right-click on the MSI and see the digital signature, and the timestamp from when that was done. We obtained a signing certificate September last year and it is valid till September this year.
Does this suggest that my CA is not trusted?
Possibly or the CA's certificate is not seen by IE as trusted.
I have not downloaded/use IE9 so it is all guess work based on your description.
IE9 is unable to validate/verify the CA.
I have not downloaded/use IE9 so it is all guess work based on your description.
IE9 is unable to validate/verify the CA.
ASKER
I will explore this with my CA, and return with the results of what I find. That seems a good place to start.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I spent way too much time talking to Microsoft support, researching, and finally finding a set of blog articles that let me understand this behavior. I can't fix it, I have to live with it.
ASKER