Summary

Symptoms

When building an InstallShield project, one of the following errors may occur:

"Error -6258: An error occurred extracting digital signature information from file [1]. Make sure the digital signature information provided in the IDE is correct."

"Error -6258: The function WinVerifyTrust returned error code -2146762483. This error code indicates that the certification path terminates with the test root which is not trusted with the current policy settings. Please verify whether this is a test certificate."

[1] is a placeholder that contains the file being used to extract the digital signature information.

Cause

This error is known to occur for the following reasons:

1. The digital signature password provided in the Release Wizard is incorrect.

2. The digital signature files have expired and are, therefore, invalid. Digital signatures are only valid for a limited time and can cause this error when expired.

3. The digital signature syntax entered into the Release Wizard is incorrect.

4. When building from the command-line utility IsCmdBld.exe on a standalone build machine, and the file signtool.exe is not present on the build machine.

5. The certificate being used is a "test" certificate. If you are not using "official" digital signature files that you obtained from a valid certification authority, this error will occur.

Resolution

1. Verify the password entered for the digital signature in the Digital Signature panel of the Release Wizard is accurate. Note this password is case-sensitive. If in doubt, contact the digital signature issuer, such as VeriSign, for the correct password.

   Another way to verify if the password is accurate is to manual calling the utility signtool.exe to sign a file. This file is located, by default, in <Product Path>\Support. If the signing process fails using this method as well, it is safe to assume that the password is incorrect.

   Note: By default, <Product Path> is the installed location of the product, e.g., Program Files\InstallShield\2010 or Program Files\InstallShield\2011.

2. If the digital signature has expired, contact the digital signature issuer, such as VeriSign, to purchase a new digital signature.

   Another option to determine if the password is expired can be found in Resolution A. The signtool.exe utility can be used to manually sign a file to ensure it works correctly. This would easily determine if the problem is caused by an expired or incorrect password or for some other reason.

3. The information entered in the Digital Signature panel of the Release Wizard must be accurate for the signing to complete properly. Make sure the URL specified is accurate, and the .spc and .pvk files specified are located in the path indicated.

4. Search for the file signcode.exe in the <PROGRAMFILES>\InstallShield\StandaloneBuild directory. If this is not present, manually copy it to this location from one of the following sources:
   • For a machine with the full version installed, this file can be found in the system folder for the product.

     i.e., <Product Path>\System.

   • Perform a search in Windows to locate this file on the InstallShield CD itself.

5. Please contact the certification authority that provided the certificate to verify it is valid, and is not a test certificate.

Additional Information

Further details on VeriSign may found at the VeriSign Website.