WIX: Installing Patch without UAC elevation fails

I am having a case of sudden problems. Normally I have been able to build patches to MSI install packages in a way so that when the patch is applied no administrator rights are needed - making it possible to update an installed application from a standard user account. Bootstrapper EXE, install package MSI and patch MSP are all signed with the same valid certificate.

Now however, I suddenly got a problem where this does not work anymore. When installing the patch it pops up the UAC dialog box asking for administrator password. So, I enabled logging on the patch install and this is what Microsoft installer tells me:

MSI (s) (58:40) [09:11:17:787]: Certificate of signed file 'C:\Windows\Installer\23f85ae.msp' differs in  size with the certificate authored in the package
MSI (s) (58:40) [09:11:35:025]: MSI_LUA: Credential Request return = 0x800704C7
This installation is forbidden by system policy. Contact your system administrator.

But the certificate I sign all the files with (exe, msi, msp) is the very same. Any suggestions? (WIX is used for authoring the install package)

EDIT: Also, I have tried to extract the certificates from the built MSI and MSP packages and they are the same size. So I don't really understand why I get that error message in Microsoft Installer log for the patch.

I was working on the same problem. When trying to install .msp patch the installer gave me the same message: "Certificate of signed file 'C:\Windows\Installer.....msp' differs in size with the certificate authored in the package"

I want to share my solution. It took me two days to figure it out.

My problem was that the certificate which I embed in MsiPatchCertificate table was in different format. It must be in DER format. To convert certificate from PEM to DER format use:

openssl x509 -outform der -in cert.pem -out cert.cer