Why not disable the cert check in your bundle? You can still sign your content.
" SuppressSignatureVerification By default, a Bundle will use the hash of a package to verify its contents. If this attribute is explicitly set to "no" and the package is signed with an Authenticode signature the Bundle will verify the contents of the package using the signature instead. Therefore, the default for this attribute could be considered to be "yes". It is unusual for "yes" to be the default of an attribute. In this case, the default was changed in WiX v3.9 after experiencing real world issues with Windows verifying Authenticode signatures. Since the Authenticode signatures are no more secure than hashing the packages directly, the default was changed. " -----Original Message----- From: Matthew J. Bobowski [mailto:mjb8...@hotmail.com] Sent: Friday, December 12, 2014 4:38 PM To: wix-users@lists.sourceforge.net Subject: [WiX-users] Setup bootstrapper fails if root certificate cannot be validated I know this has been asked before, but is it possible for a WiX-generated bootstrapper to ignore issues when installing digitally signed files. Error 0x800b010a - An internal certificate chaining error has occurred. This error can happen if the root certificate is not known. Apparently there are two workarounds. Connect the computer to the Internet or manually install the Update for Root Certificates on Windows XP (KB931125). http://www.microsoft.com/en-us/download/details.aspx?id=35945 Before I hear - "Microsoft dropped support for XP what do you think you're doing?" Or "Just connect your computer to the Internet." Let me explain that this is for Windows XP Embedded and Windows Embedded Standard 2009 - both of which are still supported by Microsoft and will be into the future. And connecting to the Internet apparently does not help for Windows Embedded. Also, adding rootsupd.exe to the bootstrapper does not help of course, because we're in a chicken and egg scenario. The verification of certificate happens during the cache and before the first chained package. I would rather not provide a bootstrapper that cannot handle this, or at least be able to strap the update for root certificates first - with the WiX bootstrapper! Thanks, -Matt ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
