UtterAccess.com
X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
 
   Reply to this topicStart new topic
> Digital Signature Trusted At First, Then Not!, Access 2010    
 
   
FrankVenditti
post Dec 4 2019, 01:03 PM
Post#1



Posts: 56
Joined: 29-August 08
From: Long Island, NY


Hi Everybody,
We're installing a Runtime version of an MSACCESS2010 app at a client. The app is a 32bit and the PC is a WIN-10 64 bit. The app contains a Digital Certificate that prompts for installation when the app is first launched. We install the certificate and all seems well and good. The app launches and all functionality is correct. The problem occurs after we exit the app and try to launch it a second time. When we do this, the following error appears;
"A potential Security Concern Has Been Identified"
"WARNING: The Digital Certificate has been tampered with after the Content was signed."
"The Content cannot be Trusted." At this message, the only option is to select Cancel and the app shuts down.
If I download a backed up copy of the App it launches fine the FIRST time, but issues the Warning on subsequent attempts to launch.
NOTE we have this same version of the app running at other WIN-10 client sites with NO problems.

Any ideas as to what may be causing the issue?

Thanks in advance
Frank V.
Go to the top of the page
 
theDBguy
post Dec 4 2019, 01:05 PM
Post#2


UA Moderator
Posts: 76,866
Joined: 19-June 07
From: SunnySandyEggo


Hi Frank. Just curious, is the digital certificate from a trusted publisher?

--------------------
Just my 2 cents... "And if I claim to be a wise man, it surely means that I don't know" - Kansas
Access Website | Access Blog | Email
Go to the top of the page
 
FrankVenditti
post Dec 4 2019, 01:12 PM
Post#3



Posts: 56
Joined: 29-August 08
From: Long Island, NY


DBguy,
It is self signed and I installed it to the Trusted root and Trusted publishers store. Also, as I mentioned, it doesn't exhibit this behavior at any of my other clients with the same environment. Also, the client with the issue has a VM, where the same app and cert are installed and that VM doesn't have the problem.
F.
Go to the top of the page
 
PhilS
post Dec 4 2019, 01:25 PM
Post#4



Posts: 651
Joined: 26-May 15
From: The middle of Germany


QUOTE
The app contains a Digital Certificate that prompts for installation when the app is first launched. We install the certificate and all seems well and good. The app launches and all functionality is correct.

I'm rather surprised that this does not fail right away. Are you still using the MDB file format? - It is not possible to sign the accdb file format at all!

--------------------
Go to the top of the page
 
FrankVenditti
post Dec 4 2019, 01:35 PM
Post#5



Posts: 56
Joined: 29-August 08
From: Long Island, NY


Phil, Yes the FE app and BE database are all MDBs.
F.
Go to the top of the page
 
DanielPineault
post Dec 4 2019, 02:28 PM
Post#6


UtterAccess VIP
Posts: 7,008
Joined: 30-June 11



I didn't think you could sign Access databases because the minute you use them they change and thus invalidate the certificate. From my understanding, you can cert the installer if your want, but not the database itself.

--------------------
Daniel Pineault (2010-2019 Microsoft MVP, UA VIP, EE Distinguished Expert 2018)
Professional Help: https://www.cardaconsultants.com
Free MS Access Code, Tips, Tricks and Samples: https://www.devhut.net

* Design should never say "Look at me". It should always say "Look at this". -- David Craib
* A user interface is like a joke, if you have to explain it, it's not that good! -- Martin LeBlanc


All code samples, demonstration databases, links,... are provided 'AS IS' and are to be used at your own risk! Take the necessary steps to check, validate ...(you are responsible for your choices and actions)
Go to the top of the page
 
PhilS
post Dec 5 2019, 04:49 AM
Post#7



Posts: 651
Joined: 26-May 15
From: The middle of Germany


QUOTE
I didn't think you could sign Access databases because the minute you use them they change and thus invalidate the certificate.

Partially correct. - You were never able to sign an Access database as a whole. But with the MDB file format you can sign the VBA code in your Access application. If you consider MDE/AccDE where all code is in a static compile representation, signing the VBA code should be possible, as the code does not change. - Unfortunately, this isn't possible any more with the AccDb file format for whatever reason.
This post has been edited by PhilS: Dec 5 2019, 04:52 AM

--------------------
Go to the top of the page
 
FrankVenditti
post Dec 5 2019, 10:54 AM
Post#8



Posts: 56
Joined: 29-August 08
From: Long Island, NY


Hi Everybody,
Good news! I found a solution to the problem I was asking about.

NOTE: My issue was that an MSACCESS 2010 application on a WIN-10 PC, digitally signed and installed in the Trusted store, using a runtime module WITHOUT a full blown version of MSACCESS installed, would only launch successfully ONCE. All subsequent attempts to launch the application would result in a security warning stating that the application had been changed since the Digital Certificate was installed.

SOLUTION: Under SETTINGS, UPDATE & SECURITY, FOR DEVELOPERS, USE DEVELOPER FEATURES; select the DEVELOPER MODE option.

Frank V.
Go to the top of the page
 
theDBguy
post Dec 5 2019, 11:01 AM
Post#9


UA Moderator
Posts: 76,866
Joined: 19-June 07
From: SunnySandyEggo


Hi Frank. Glad to hear you found a solution. Just for clarification, are you referring to the Windows (OS) Settings?

--------------------
Just my 2 cents... "And if I claim to be a wise man, it surely means that I don't know" - Kansas
Access Website | Access Blog | Email
Go to the top of the page
 
FrankVenditti
post Dec 5 2019, 11:14 AM
Post#10



Posts: 56
Joined: 29-August 08
From: Long Island, NY


Dbguy,
Yes, just right click the start window, select the settings option and mine down to FOR DEVELOPERS as I described above.
Frank
Go to the top of the page
 
theDBguy
post Dec 5 2019, 11:34 AM
Post#11


UA Moderator
Posts: 76,866
Joined: 19-June 07
From: SunnySandyEggo


Hi Frank. Thanks for the clarification. How did you figure that out? Just curious...

--------------------
Just my 2 cents... "And if I claim to be a wise man, it surely means that I don't know" - Kansas
Access Website | Access Blog | Email
Go to the top of the page
 
FrankVenditti
post Dec 5 2019, 11:50 AM
Post#12



Posts: 56
Joined: 29-August 08
From: Long Island, NY


Dbguy,
The app and certificate worked fine at other client sites so figured it had to be a win 10 setting unique to the pc. I was intrigued by the explanation of the developer mode and decided to give it a shot. lo and behold it worked. I have been a developer for over 50 years, So I have solved many problems going on gut instincts. I remembered the troublesome macro settings and virtual store issues from previous MSACCESS versions. I believe it was part intelligent guess and part luck.m
Go to the top of the page
 
theDBguy
post Dec 5 2019, 11:54 AM
Post#13


UA Moderator
Posts: 76,866
Joined: 19-June 07
From: SunnySandyEggo


Either way, it was great detective work and a good job. Cheers! cheers.gif

--------------------
Just my 2 cents... "And if I claim to be a wise man, it surely means that I don't know" - Kansas
Access Website | Access Blog | Email
Go to the top of the page
 
FrankVenditti
post Dec 5 2019, 12:15 PM
Post#14



Posts: 56
Joined: 29-August 08
From: Long Island, NY


Thanks Dbguy!
Go to the top of the page
 


Custom Search


RSSSearch   Top   Lo-Fi    11th December 2019 - 08:33 AM