I am having a case of sudden problems. Normally I have been able to build patches to MSI install packages in a way so that when the patch is applied no administrator rights are needed - making it possible to update an installed application from a standard user account. Bootstrapper EXE, install package MSI and patch MSP are all signed with the same valid certificate.
Now however, I suddenly got a problem where this does not work anymore. When installing the patch it pops up the UAC dialog box asking for administrator password. So, I enabled logging on the patch install and this is what Microsoft installer tells me:
MSI (s) (58:40) [09:11:17:787]: Certificate of signed file 'C:\Windows\Installer\23f85ae.msp' differs in size with the certificate authored in the package
MSI (s) (58:40) [09:11:35:025]: MSI_LUA: Credential Request return = 0x800704C7
This installation is forbidden by system policy. Contact your system administrator.
But the certificate I sign all the files with (exe, msi, msp) is the very same. Any suggestions? (WIX is used for authoring the install package)
EDIT: Also, I have tried to extract the certificates from the built MSI and MSP packages and they are the same size. So I don't really understand why I get that error message in Microsoft Installer log for the patch.
I was working on the same problem. When trying to install .msp patch the installer gave me the same message: "Certificate of signed file 'C:\Windows\Installer.....msp' differs in size with the certificate authored in the package"
I want to share my solution. It took me two days to figure it out.
My problem was that the certificate which I embed in MsiPatchCertificate table was in different format. It must be in DER format. To convert certificate from PEM to DER format use:
openssl x509 -outform der -in cert.pem -out cert.cer
Ok I finally found the issue, there indeed was a certificate being authored into the package, and its due date had passed long ago. The mystery remains though as to why the installations problems were encountered only now and not long ago.
Oh well...
User contributions licensed under CC BY-SA 3.0