You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
TLDR: This error is expected and the change is legitimate. To update, switch to Install-Module, then slap on the -SkipPublisherCheck and -Force parameters and continue your update.
I've always been very proud that dbatools is Code Signed like a "real" application. These certs prove the identity of the creator and help prevent tampering. The certificates cost a bunch of money and are hard to obtain. You gotta send in tons of paperwork, including your passport and business papers. But again, the payoff is fantastic -- basically, it makes dbatools ready for the Enterprise and ready to deploy at organizations with strict security.
Validating the dbatools organization identity for a code signing certificate is always a pain, and it's required to recur every 3 years. This year, though, I had to do that PLUS I also had to figure out this whole new signing process.
After months of working with Jess Pomfret and weeks of working with Jordan Borean, WE FINALLY FIGURED IT OUT!! But unfortunately, the new requirements breaks the catalog check for Update-Module because all of the Certificate Authorities had to update their CA Servers.
This causes the following error (or something similar):
PS> Update-Module dbatools
PackageManagement\Install-Package : Authenticode issuer 'CN=dbatools, O=dbatools, L=Vienna, S=Virginia, C=US' of the new module 'dbatools' with version '2.0.4' from root certificate authority 'CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1, O="DigiCert, Inc.", C=US' is not matching with the authenticode issuer 'CN=dbatools, O=dbatools, L=Vienna, S=Virginia, C=US' of the previously-installed module 'dbatools' with version '1.1.99' from root certificate authority 'CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US'. If you still want to install or update, use -SkipPublisherCheck parameter.
This is expected and the change is legitimate. To update, switch to Install-Module, then slap on the -SkipPublisherCheck and -Force parameters and continue your update. As people update over time, this should become less and less of a support issue for us, I presume in 2-3 years 😅
Likely in part due to these new requirements, Microsoft is coming up with a new version (sorta) of Update-Module that does not perform this check so stay tuned.
And again, this change and the subsequent errors are expected.
The text was updated successfully, but these errors were encountered:
potatoqualitee
changed the title
Update-Module dbatools Authenticode Issuer Error for version 2.1.0
ERROR: Update-Module dbatools Authenticode Issue for 2.1.0
Sep 21, 2023
TLDR: This error is expected and the change is legitimate. To update, switch to
Install-Module
, then slap on the-SkipPublisherCheck
and-Force
parameters and continue your update.I've always been very proud that dbatools is Code Signed like a "real" application. These certs prove the identity of the creator and help prevent tampering. The certificates cost a bunch of money and are hard to obtain. You gotta send in tons of paperwork, including your passport and business papers. But again, the payoff is fantastic -- basically, it makes dbatools ready for the Enterprise and ready to deploy at organizations with strict security.
The new private key storage requirement for Code Signing certificates were implemented this year, making the signing process a whole lot harder. This change lead to us not publishing a new module for a little over three months.
Validating the dbatools organization identity for a code signing certificate is always a pain, and it's required to recur every 3 years. This year, though, I had to do that PLUS I also had to figure out this whole new signing process.
After months of working with Jess Pomfret and weeks of working with Jordan Borean, WE FINALLY FIGURED IT OUT!! But unfortunately, the new requirements breaks the catalog check for
Update-Module
because all of the Certificate Authorities had to update their CA Servers.This causes the following error (or something similar):
This is expected and the change is legitimate. To update, switch to
Install-Module
, then slap on the-SkipPublisherCheck
and-Force
parameters and continue your update. As people update over time, this should become less and less of a support issue for us, I presume in 2-3 years 😅Likely in part due to these new requirements, Microsoft is coming up with a new version (sorta) of
Update-Module
that does not perform this check so stay tuned.And again, this change and the subsequent errors are expected.
The text was updated successfully, but these errors were encountered: