[SERVER-10849] Sign the Windows MSI with code signing certificate Created: 23/Sep/13  Updated: 11/Jul/16  Resolved: 15/Jan/14

Status: Closed
Project: Core Server
Component/s: Packaging
Affects Version/s: 2.5.2
Fix Version/s: 2.5.5

Type: Bug Priority: Critical - P2
Reporter: Sridhar Nanjundeswaran Assignee: Ernie Hershey
Resolution: Done Votes: 0
Labels: 26qa, windows
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Backwards Compatibility: Fully Compatible
Operating System: Windows
Participants:

 Description   

Currently the enterprise msi is unsigned. We need the msi to be signed when built.



 Comments   
Comment by Ernie Hershey [ 07/Jan/14 ]

I'm back and working on this. It's my highest priority other than 2.2.7 and 2.4.9 releases.

My next steps will be roughly:

  1. Download unsigned specific nightly MSI and verify its behavior when downloaded via a browser - e.g. security dialogs, basic install.
  2. Get self signed cert for testing process without using prod cert.
  3. Manually sign the same MSI and re-verify download/install, make sure unsigned warnings/errors go away
  4. Set up automation with self signed cert for MCI to do signing if possible.
  5. May have to just integrate manual signing into release process if automating in build process isn't feasible
  6. Manually sign with prod cert and re-verify.
  7. Swap in prod cert for self signed cert
Comment by Ernie Hershey [ 21/Dec/13 ]

We have the cert. I'm working with akshay and daniel.medina and sridhar and probably the mci team to incorporate signing into the build/release process.

Comment by Eric Milkie [ 23/Sep/13 ]

We should probably sign all MSI's generated by the build.

Generated at Thu Feb 08 03:24:14 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.