Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Windows publisherName doesn't match code sign cert

See original GitHub issue

Version: “electron”: “^1.6.11”, “electron-builder”: “^19.11.1”, “electron-publisher-s3”: “^19.5.0”, “electron-updater”: “^2.4.3”
Target: build --win --publish always --x64

// build config
...
        "productName": "Wayhome",
        "artifactName": "${productName}-setup-${version}.${ext}",
        "publish": {
            "provider": "s3",
            "bucket": "mybucket",
            "path": "${channel}/${os}"
        },
        "appId": "com.Wayhome.desktop",
        "forceCodeSigning": true,
         "win": {
            "icon": "./resources/icon.ico",
            "signingHashAlgorithms": ["sha256"],
            "target": ["nsis"],
            "publisherName": "WAYHOME, INC." // this matches the p12 cert CN
        },

Think this is related to #1641

With the above config, app-update.yml on my development machine looks like this (note that publisherName should equal WAYHOME,INC, no quotes or dash)

publisherName:
  - 'WAYHOME, INC.'
provider: s3
bucket: mybucket
path: beta/win
channel: beta

&& it looks the same once it’s installed on Windows.

Since this publisherName doesn’t match my cert, it’s giving me the error pasted at the bottom.

If I omit publisherName from the config and let it default to the cert, app-update.yml ends up with:

publisherName:
  - |-
    WAYHOME, INC.
    issuer=
provider: s3
bucket: mybucket
path: beta/win
channel: beta

If I manually change the app-update.yml to this:

publisherName: WAYHOME, INC.
provider: s3
bucket: mybucket
path: beta/win
channel: beta

…update works as expected.

Signs don’t match error:

[2017-06-30 11:12:34:0854] [error] Error: New version 1.0.3-beta.17 is not signed by the application owner: {
  "SignerCertificate": {
    "FriendlyName": "",
    "IssuerName": {
      "Name": "CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB",
      "Oid": "System.Security.Cryptography.Oid"
    },
    "NotAfter": "/Date(1528934399000)/",
    "NotBefore": "/Date(1497312000000)/",
    "PrivateKey": null,
    "PublicKey": {
      "Key": "System.Security.Cryptography.RSACryptoServiceProvider",
      "Oid": "System.Security.Cryptography.Oid",
      "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
      "EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
    },
    "SerialNumber": "...",
    "SignatureAlgorithm": {
      "Value": "1.2.840.113549.1.1.11",
      "FriendlyName": "sha256RSA"
    },
    "Thumbprint": "...",
    "Version": 3,
    "Issuer": "CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB",
    "Subject": "CN=\"WAYHOME, INC.\", O=\"...address etc"
  },
  "TimeStamperCertificate": null,
  "Status": 0,
  "StatusMessage": "Signature verified."
}
    at C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\NsisUpdater.js:121:1
From previous event:
    at _e.doDownloadUpdate (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\NsisUpdater.js:129:1)
    at C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:320:1
    at Generator.next (<anonymous>)
From previous event:
    at _e.downloadUpdate (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:326:1)
    at C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:293:1
From previous event:
    at _e.doCheckForUpdates (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:296:1)
    at C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:250:1
    at Generator.next (<anonymous>)
    at runCallback (timers.js:651:20)
    at tryOnImmediate (timers.js:624:5)
    at processImmediate [as _immediateCallback] (timers.js:596:5)
From previous event:
    at _e._checkForUpdates (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:255:1)
    at _e.checkForUpdates (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\~\electron-updater\out\AppUpdater.js:213:1)
    at App.<anonymous> (C:\Users\brand\AppData\Local\Programs\wayhome\resources\app.asar\webpack:\app\auto-updating\auto-updater.js:6:1)
    at emitTwo (events.js:111:20)
    at App.emit (events.js:191:7)

Issue Analytics

State:
Created 6 years ago
Comments:7 (4 by maintainers)

Top GitHub Comments

6reactions

brandonmpcommented, Jul 5, 2017

wow, you’re the most responsive OSS dev I’ve ever seen. thanks again @develar

0reactions

develarcommented, Jul 5, 2017

Ok, published to all (marked as latest).

Top Results From Across the Web

Experiencing [invalid package publisher name] error

When I then build the store package, I receive the following error... warning : Publisher name (CN=<ID>) does not match signing certificate subject:...

The app manifest publisher name (CN={digits}) must match ...

As the error says, the Publisher (in the manifest) must match the Subject of the certificate used to sign your application.

Visual Studio Code Signing Problems - Wentz Wu

1. Error Importing Key into Visual Studio 2019 can be solved by using a Microsoft proprietary certificate format for code signing. 2.

Associating C++ UWP app with the Windows Store doesn't ...

AppXPackage.Targets(2698,5): warning : Publisher name (CN=AF9XXXXX-XXXX-XXXX-XXXX-XXXXXXXXCCB8) does not match signing certificate subject: ...

Code Signing FAQs | Learn About Code Signing Certificate

You cannot get a code signing certificate with the name of your website as the publisher unless you have registered your website as...