Recent update causes IE and Edge to erroniously report "The signature of xxxx.msi is corrupt or invalid"

By design Issue #6246005

Details

Created
Jan 20, 2016
Privacy
This issue is public.
Reports
Reported by 0 people

Sign in to watch or report this issue.

Steps to reproduce

URL:

Repro Steps:

I am sure you have your own ftp site to try this on but if you want to download my msi and verify it yourself with signtool then here you go:
http://www.paybreeze.com/download.htm

Expected Results:

IE and Edge should not be telling users that the signature is invalid when in fact it is.

Actual Results:

Dev Channel specific:

No

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Sermet I.”

      Changed Assigned To from “Sermet I.” to “IE S.”

      Changed Status to “By design”

    • Hello,

      Thank you for providing this information about the issue. Edge and IE are working as designed; the msi is signed with an SHA1 certificate, which is no longer considered valid. Please refer to http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx for information about this change.

      Best Wishes,
      The MS Edge Team

    You need to sign in to your Microsoft account to add a comment.

    Sign in