Solved

InstallShield: Deploying Signed Package Without Outbound Internet Access

Posted on 2012-04-03
Last Modified: 2012-04-07
Using IS 2009 Premier:
MSI: Basic
Certificate: Thawte

Trying to find out how to install a signed package on a machine that does not have outbound internet access.

We are deploying a web application (customer will have IIS 7).

Thanks,

Rick
0
Question by:sadlermd
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 37803835
Should be no problem at all. Having signed code does not mean you need an internet connection in order to use it.
0
 

Assisted Solution

by:sadlermd
sadlermd earned 0 total points
ID: 37806758
I found the answer - you must make sure that the root certificate is found on the target computer.

When we tried installing our application on servers where outbound internet access was not available, we got a 1330 error that included a 266 error message: "Error 266 was returned by WinVerifyTrust".

After we imported the required root certificates, the problem went away.

http://www.verisign.com/support/roots.html
0
 

Author Comment

by:sadlermd
ID: 37806901
I've requested that this question be closed as follows:

Accepted answer: 0 points for sadlermd's comment #37806758

for the following reason:

works...
0
 
LVL 40

Assisted Solution

by:Vadim Rapp
Vadim Rapp earned 500 total points
ID: 37806902
The original question was answered in the comment 37803835. The problem with the machine not having the root certificate is different - the initial set of root certificates is installed with Windows; later they may be updated, but not doing it only results in problems when the machine encounters a certificate signed by a signing authority unknown to it. In that case the administrator must obtain the root certificate of the authority who signed the certificate, and decide whether he trusts it or not. This can be achieved by obtaining the updated Microsoft list, if this authority is there; but you can also obtain it directly from the authority that signed it - such as if you work with a developer, who can produce his certificate but does not want to pay Verisign hundreds of dollars, because he is working only for you so he can simply send you his certificate and you make it trusted in your organization; it's equally possible to refuse to trust an authority from the Microsoft list if you want to. Also you can simply put this specific certificate into enterprise trust.

In any case, the answer to the original question "how to install a signed package on a machine that does not have outbound internet access" is "you don't need internet access to install signed package". If there are further problems, like in this case, they should be dealt with accordingly.

The proposed answer answers an entirely different problem, described in the answer itself.
0
 

Accepted Solution

by:
sadlermd earned 0 total points
ID: 37808039
Asking *how* to do something implies directions - and although it is true you don't need internet access to install signed packages, it does require a couple of things be in place for it to work!

How to install a signed package when outbound internet access is not available:

1. Make sure required root certificate(s) is on the target computer (use mmc.exe to check)
2. If not, add (import) them (be sure to provide a link to root certificates)
3. Run installation

If the root certificate doesn't exist and the cert can't authenticate via the internet, the installation will throw a 1330 error along with a 266 error...

Hope this helps...
0
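The three steps in the accepted solution above can be scripted as a pre-flight check. This is an added example, not part of the original thread; the parameter names, the helper `Test-SignerChain` and all paths are assumptions, and the thumbprint comparison is an extra safeguard so that only the root the operator expects is added to the trust store.

```powershell
# Added example: pre-flight trust check for a signed MSI on a host without internet.
# Paths and the expected thumbprint are operator-supplied placeholders.
param(
    [Parameter(Mandatory=$true)] [string] $MsiPath,   # the signed package
    [string] $RootCerPath,                            # root .cer copied to the host by hand
    [string] $ExpectedThumbprint                      # obtained from the CA out-of-band
)

function Test-SignerChain([string] $Path) {
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) { throw "No Authenticode signature on $Path" }
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups and cap retrieval time so the check returns quickly offline.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(5)
    $ok  = $chain.Build($sig.SignerCertificate)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    New-Object psobject -Property @{
        Trusted = $ok
        Status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Top     = $top.Subject
        Missing = $top.Issuer       # issuer of the highest certificate that was found
    }
}

# Step 1: does the signer's chain already end in a trusted root on this machine?
$r = Test-SignerChain $MsiPath
if ($r.Trusted) { "Chain validates up to '$($r.Top)'. Run the installation."; return }

"Chain does not validate ($($r.Status))."
"Highest certificate found: $($r.Top)"
"Certificate to obtain:     $($r.Missing)"
if (-not $RootCerPath) { return }

# Step 2: import the root only if it is the certificate the operator expects.
$file = (Resolve-Path $RootCerPath).Path
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file
$want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if (-not $want -or $root.Thumbprint -ne $want) {
    throw "Thumbprint $($root.Thumbprint) of $file does not match the expected value; not importing."
}
Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Step 3: re-check, then run the installation.
$r = Test-SignerChain $MsiPath
if ($r.Trusted) { "Root imported; chain validates. Run the installation." }
else            { "Still untrusted ($($r.Status)); an intermediate may also be missing." }
```

Run it from an elevated prompt, since it writes to the `LocalMachine\Root` store. `Import-Certificate` ships with the PKI module on Windows 8 / Server 2012 and later; on older hosts `certutil -addstore Root <file>` does the same import.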
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 37808172
No, I'd say it's easier than that.

1. launch the installation
2a. if there's no error (which is in 99%), then enjoy the product.
2b. if there's an error, find out what the error is and address accordingly.
3. if #2b is difficult, then post the error on E-E and seek help. So this question would be not "how to run installation w/o internet" but "what to do with error xxx".

Since in 99% it's 2a, no need to even think about root certificates before you run the installation.
0
