Description
Describe the bug
Our friends from Apache Lounge (@SteffenAL) have reported that the ModSecurity IIS build/msi installer seems to be missing proper digital signatures leading to error / warning messages on modern versions of Windows.
This demands further investigation to see where it happens, workarounds and additional steps recommended for a future release.
To Reproduce
Steps to reproduce the behaviour:
When I download I get a big warning from IE, see attached pic.
The other problem with not signed .msi's is: when I double click on the .msi, I get in the Event viewer: ActivateApplicationForContractByExtensionIdAsUserWithHost of the app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App for the Windows.Protocol contract failed with This app can't be activated by the Built-in Administrator.
Expected behavior
The MSI installer should ideally be digitally signed as per best practices to avoid warnings / errors such as the ones reported here.
Server (please complete the following information):
- ModSecurity version (and connector): 2.9.3 32b/64bit msi installers
- WebServer: IIS?
- OS (and distro):
Additional context
Do not know if this also happens with Win10 or other server editions.
The MSIs are already digitally signed with PGP signatures as available here and here.