We used to have a binary running in user space built with the VC++ /integritycheck flag, which sets the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag on the executable (see more here and here). We signed it with our old certificate and it ran smoothly. Now we were given a new certificate and the binary is blocked by a security check (Defender prompt + log in event log).
Yes, we added certificate to our trusted store.
Yes, we used page hash (/ph) switch while signing.
The new cert runs fine if we enable test signing on a platform (through bcdedit).
The major difference seems to be that the new certificate is not cross-signed by Microsoft. Cross signing is no longer supported, so maybe anyone knows if there's an alternative or how to work around it? Maybe the /integritycheck flag for user space code is no longer valid?
Same issue we found at MSFT forum https://learn.microsoft.com/en-us/answers/questions/348812/signed-file-fails-to-start-because-of-bad-signatur.html. Still no precise answers how to solve it.
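To confirm which binaries actually carry the flag described in the question, the following added example (not code from the original post) reads the PE optional header, reports the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY bit and checks whether a certificate table is present. The helper names `inspect_pe` and `build_sample` are hypothetical, and the sample headers are constructed for the demonstration.

```python
import struct

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table (embedded Authenticode)

def inspect_pe(pe: bytes) -> dict:
    """Report the FORCE_INTEGRITY bit and whether a certificate table exists."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):  # PE32 or PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both optional header layouts.
    (chars,) = struct.unpack_from("<H", pe, opt + 70)
    dirs = opt + (96 if magic == 0x10B else 112)  # start of data directories
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    cert_size = 0
    if count > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from(
            "<II", pe, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "force_integrity": bool(chars & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY),
        "has_certificate_table": cert_size > 0,
    }

def build_sample(dll_characteristics: int, cert_size: int) -> bytes:
    """Constructed PE32+ headers only (not a loadable image), for the demo."""
    buf = bytearray(0x40 + 24 + 240)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)       # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x20B)       # PE32+ magic
    struct.pack_into("<H", buf, opt + 70, dll_characteristics)
    struct.pack_into("<I", buf, opt + 108, 16)    # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 112 + 32,
                     0x400 if cert_size else 0, cert_size)
    return bytes(buf)

if __name__ == "__main__":
    print(inspect_pe(build_sample(0x0160 | 0x0080, 0x1A00)))
    # For a real file: inspect_pe(open(path, "rb").read())
```

A binary that reports the flag set but has no certificate table carries no embedded signature for the loader to check; one with both still depends on the signing chain being accepted for integrity-checked images.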
We recently upgraded to the latest version of Tableau and are encountering a serious problem. No-one in the tableau community has answered the question and even our paid Tableau support is not responding to us!
We are embedding a viz in our site and then allowing users to click on the "Edit" button which opens up a web-edit version of the workbook. We have special permissions setup that allows them to even save their changes. This has all been working fine.
As of the most recent upgrades where Tableau introduced this idea of a Personal Space we now get a 401 when trying to save in the Web Edit (now labelled "Publish as")
Clicking "Publish As" loads a modal which is meant to display a list of locations to save to but instead displays a spinner which never goes away. The console indicates an error specifically with the new personal space - 401 - No authentication credentials were provided.
We are using trusted ticket authentication to display our embedded vizzes and have had no problems with web edit saving until now. If we log directly into Tableau the web edit saves perfectly. So it seems to be an issue of Web Edit Saving + Trusted authentication, specifically as it relates to personal spaces.
Seems clear to me that this is a Tableau bug but wondering if anyone can suggest any kind of fix or workaround.
Thank you
This has been confirmed by Tableau as a bug in their latest versions. Unclear when it will be fixed.
They provided us with the following workaround (which is not ideal from a security perspective) but works.
Workaround provided by Tableau. Configuration change required, setting unrestricted tickets to true.
https://kb.tableau.com/articles/issue/login-prompt-when-embedding-server
This is a temporary measure while Tableau develops a more permanent solution.
After the last upgrade of Crystal Reports for Visual Studio, every time I open the report in design view I'm getting multiple certificate errors (see picture below). The errors come from the SAP web site productupdates.sap.com, which indeed has an expired certificate. But I cannot find any references to this site in my project. How to get rid of them? This doesn't happen on all computers, only on mine.
Posted this question in SAP forum - no answer.
Thank you.
https://productupdates.sap.com/ is expired.
See whether Crystal Reports->Check for Updates on Start Up is checked
Turning it off and re-opening the solution appears to stop the continuous certificate security alerts.
I have a ClickOnce application deployed on our internal network. As this is only an "internal" application, I don't really need an "officially signed" certificate for any reason. When I went to publish an update today, I got the error message
The signers's certificate is not valid for signing.
When I check the "Signing" tab in Visual Studio 2010, I can see that I am past the expiration date. I know that I created this TemporaryKey using the "Create Test Certificate" button on this same tab in Visual Studio.
In the past, I just created a new test certificate, and used that. This essentially "buys" me another year until I have to do this all over again. I would like to correctly sign a new certificate that is good for X number of years (or never expires).
I have done some research, but as I am unfamiliar with this whole scenario, the nomenclature is extremely confusing. I can follow instructions, but only if they are written in a manner that an intermediate user can understand. Is there a reference that explains this process step by step, hopefully with screenshots? I can't believe with all my looking around I haven't found this already, so I must not be looking up the relevant keywords.
For future reference, here is all the information you ever wanted about expiring certificates in ClickOnce deployments. It also shows you how to create a certificate and set the date range for which it is valid.
Use Xenos Certificate Generator, a free tool that will allow you to create a certificate with x number of days until expiration.
I'm going crazy! I'm trying to upload the binary of my first application but I have always the same error!
"The binary you uploaded was invalid. The signature was invalid, or it was not signed with an Apple submission certificate."
I did everything, EVERYTHING!!
I created the request for the certificate, used it for both developer and distribution certificate, created the provisioning profile (12 times!!!) always cleaning my keychain and my Xcode deleting the old certificates and profiles..
I reboot the machine, reboot Xcode, the log is correct, but... I can't upload my app!!!!
Checked if my iPhone is connected (I tried with iPhone disconnected too).
I checked the certificate in both my project settings "Distribuition" Configuration (duplicate of "Release" configuration) and in my target settings.
Reveal in finder, compress the app and sent the zip...
I tried with Application Loader and iTunes connect online..
but nothing! NOTHING!!
I've spent 8 hours! And again I can't have my app uploaded!!!
I'm really going crazy!
Can anyone help me pleeease?
Thx!
It seems like there are a LOT of causes for receiving this cryptic and mostly unhelpful email. Even after verifying the use of distribution certificates, cleaning & rebuilding my project, and checking with codesign from the command line (and following instructions from the email), no errors showed up—but I'd get the "invalid signature" email right after uploading. All the solutions seem anecdotal and obviously depend on what secret error is causing the problem. I've spent the last week pulling my hair out, trying to figure it out for my app—and finally got it successfully submitted today—so let me share my story and see if it's relevant to your situation.
In my case, I seemed to have a complex cause of having my Entitlements.plist set with an incorrect variable along with the holdover of an old provisioning profile (from a previous Xcode version?) buried deep in the project.pbxproj component of my Xcode project file.
The "aps-environment" variable in my Entitlements.plist was set to "distribution" instead of "production" (I swear I read somewhere in the developer docs that it was supposed to be "distribution"!) But fixing that alone wasn't enough to get my app through. (I must have submitted 100 different combinations of app configurations trying different variables!) Starting with the helpful suggestions from this post on another forum, I dug through the distribution profile and found duplicate entries for some variables. The duplicates had empty quotation marks (i.e. nothing set for the variable) or strange variables or old provisioning profiles which seemed to be causing problems (somehow). Cleaning this up and removing the duplicate lines with bad variables worked in my case. YMMV. But carefully examining the project files ("show contents" on the Xcode project file in finder) seems like a good idea for diagnostics. Good luck!
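The two checks described in the answer above can be scripted. This added example (not from the original post) flags an `aps-environment` value other than `development` or `production`, and lists signing-related build settings in `project.pbxproj` that are empty or set more than once in a build configuration, as candidates for manual review. The sample inputs are constructed and the function names are hypothetical.

```python
import plistlib
import re
from collections import Counter

VALID_APS = {"development", "production"}
BLOCK = re.compile(r"buildSettings = \{(.*?)\};", re.S)
SETTING = re.compile(
    r'^\s*"?(CODE_SIGN_IDENTITY|CODE_SIGN_ENTITLEMENTS|PROVISIONING_PROFILE)'
    r'(\[[^\]]*\])?"?\s*=\s*(.*?);\s*$', re.M)

def check_entitlements(xml: bytes) -> list:
    """Flag an aps-environment value that is not a recognised one."""
    value = plistlib.loads(xml).get("aps-environment")
    if value is not None and value not in VALID_APS:
        return [f"aps-environment is {value!r}, expected one of {sorted(VALID_APS)}"]
    return []

def check_pbxproj(text: str) -> list:
    """List empty or repeated signing settings per buildSettings block."""
    findings = []
    for n, block in enumerate(BLOCK.findall(text), 1):
        seen = Counter()
        for key, cond, value in SETTING.findall(block):
            seen[key] += 1  # conditional variants like [sdk=...] count too
            if value.strip('"') == "":
                findings.append(f"block {n}: {key}{cond} is empty")
        findings += [f"block {n}: {k} set {c} times"
                     for k, c in seen.items() if c > 1]
    return findings

# Constructed sample inputs, not taken from any real project.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>aps-environment</key><string>distribution</string>
</dict></plist>"""

SAMPLE_PBXPROJ = """
    buildSettings = {
        CODE_SIGN_ENTITLEMENTS = Entitlements.plist;
        CODE_SIGN_IDENTITY = "iPhone Distribution";
        PROVISIONING_PROFILE = "";
        "PROVISIONING_PROFILE[sdk=iphoneos*]" = "00000000-0000-0000-0000-000000000000";
    };
"""

if __name__ == "__main__":
    for finding in check_entitlements(SAMPLE_ENTITLEMENTS) + check_pbxproj(SAMPLE_PBXPROJ):
        print(finding)
```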
Been there - done that.
Make sure your certificate is in the "login" keychain, and that that is the default keychain (highlighted bold) in Keychain Access.
Make sure you have both the private and public keys for your certificates and that they are valid. You will also need the Apple Worldwide Developer Relations Cert Authority installed.
I assume you have dragged the profile into Xcode - easiest to drop them onto the Xcode icon on the dock.
Make sure, as Paul says, that the bundle identifiers all match up.
You say you checked the certificate in the distribution configuration. It's not the certificate you need to concentrate on but the provisioning profile.
Select your Release config top left, click on the project under groups & files and do cmd I. Select build tab and then pick distribution in the top left. Then look at the Code Signing Identity. Pull down the dropdown list and make sure you have the right application identifier, the right profile and the right certificate. Don't use the Automatic Profile Selector.
Hope one of those steps helps!
I was getting the same error when I tried to submit a version update from the Organizer. What solved my issue was using the Application Loader found in the directory /Developer/Applications/Utilities. You'll need to compress your .app file and send the corresponding .zip file. I used this for my initial submission as well, I just thought I'd try the new way. What a pain! Go with Application Loader.
Best solution:
Revoke Distribution Certificate
Create new AppStore provisioning profile
This solved my problem. Spent 4hrs+ :( :)
I just had this problem. I resolved it, after hair-pulling, by going back into Keychain Access one more time and discovering the "Show Expired Certificates" menu item. When I did that, one more expired cert of the kind I had (so far, unsuccessfully) replaced showed up! I had deleted a couple of expired certs already, but this menu item caused another to show up, and after deleting it, my upload worked. I was previously aware that expired certs can get in the way of valid ones, and I STILL wasted a lot of time. Hopefully, this helps some people.