locked
Please explain getting rid of "The program comes from an unknown publisher" for CAB installers RRS feed

  • Question

  • Hello,

    I've created an app, and a CAB installer for it. Whenever I install the CAB on a new device, a warning message pops up:
    "The program comes from an unknown publisher. You should install it only if you trust its publisher."
    I wanted to get rid of this message, so I followed these 2 articles:
    http://www.codeproject.com/KB/mobile/deploycertwithcode.aspx
    http://www.codeproject.com/KB/mobile/signcode.aspx?msg=1758507

    But I am still getting that message! Here's what I do:
    1) Create my certificate (makecert.exe, pvk2pfx.exe)
    2) Sign all .exe and .dll files (including setup.dll) of my project with the certificate (signtool.exe)
    3) Generate an .xml file using checksums taken from my .cer file (using openssl.exe)
    4) Use cabwiz.exe with /prexml parameter and the .xml file

    And according to the article, that should be it. But when run the .cab file I'm still getting the message!
    I also tried signing this .cab file with my certificate (with signtool.exe), but the problem remains. Do I need this step at all?

    Please tell me if there is any step missing?

    Sunday, November 22, 2009 2:17 PM

Answers

  • A certificate you make yourself won't do because it's not associated with a trusted authority.

    If you are just trying to get rid of the message on your own phone you can use the "Windows Mobile Security Powertoy" to disable that prompt.  If you are trying to get rid of the message because you are distributing your software on your own you will need to purchase a certificate from a trusted root authority.  If you plan on distributing your software through the Windows Marketplace for Mobile then you don't need to worry about this since Microsoft will sign your code.
    It takes all the running you can do to stay in one place.If you want to get somewhere else,you must try to run at least twice as fast as that.
    • Marked as answer by ranosoft Monday, November 23, 2009 12:01 AM
    Sunday, November 22, 2009 7:50 PM

All replies

  • A certificate you make yourself won't do because it's not associated with a trusted authority.

    If you are just trying to get rid of the message on your own phone you can use the "Windows Mobile Security Powertoy" to disable that prompt.  If you are trying to get rid of the message because you are distributing your software on your own you will need to purchase a certificate from a trusted root authority.  If you plan on distributing your software through the Windows Marketplace for Mobile then you don't need to worry about this since Microsoft will sign your code.
    It takes all the running you can do to stay in one place.If you want to get somewhere else,you must try to run at least twice as fast as that.
    • Marked as answer by ranosoft Monday, November 23, 2009 12:01 AM
    Sunday, November 22, 2009 7:50 PM
  • Are you sure about that? (that it needs to be a trusted certificate)

    If so, then what benefits do I get from signing my app with a free certificate? What's the point of the two articles I mentioned then?

    Yes, I'd like to participate in Marketplace, but I'm still waiting for information about the promised "free for students" Dreamspark offer (see here). I don't want to pay $99 today, and tomorrow learn that it's just became free for me :)
    Sunday, November 22, 2009 11:26 PM
  • The code at the article is creating a new certificate to install as a trusted authority (search for the text "trusted authority" on the sign code article to see what I am referring to).  That would be fine if you are distributing applications to a set of devices that you control (ex: you manage devices in a small business and can install the certificate on all of them) but not so good for general software distribution.
    It takes all the running you can do to stay in one place.If you want to get somewhere else,you must try to run at least twice as fast as that.
    Sunday, November 22, 2009 11:56 PM