Why does the “Unknown Publisher” message appear during the install of a digitally signed package?
This problem occurs only if the SignTool.exe from Windows SDK v.7.0 or later is used to sign the package and the “File From Disk” option is enabled in Advanced Installer’s Digital Signature Page. The package will appear as signed, but upon a closer inspection the certificate used in the signing process will be reported as invalid. Because of this, the “Unknown Publisher” message will be displayed on Windows Vista or above, during installation. As a solution, Microsoft recommends importing the certificate in the system store and automatically use it from here everytime a package is being digitally signed, instead of manually selecting the certificate file. In this case, the option “Automatically get certificate from system store” should be used in Advanced Installer’s Digital Signature Page. Another solution, not recommended by Microsoft, is to use the SignTool.exe from an older version of Windows SDK along with the “File From Disk” option enabled in Advanced Installer Digital Signature
