electron-userland / electron-builder

A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box

Home Page: https://www.electron.build

Certificates with special characters are not accepted anymore since electron-updater v1.6.9

Simolation opened this issue · comments

  • Electron-Builder Version: 24.13.3
  • Node Version: v20.11.1
  • Electron Version: 29.1.6
  • Electron Type (current, beta, nightly): current
  • Electron Updater: 6.2.1 (last working version is 6.1.8)
  • Target: Windows

I am using electron-builder to build macOS and Windows builds of our application. I was on electron-updater 6.1.8 and updated to 6.1.9 a couple of weeks ago and everything worked fine. Now we wanted to release another update for Windows, and then we discovered that the electron-updater does not accept updates using our Sectigo Code Signing certificate (which did not change!) as it contains a German special character (ä) due to our legal name (Company name UG (haftungsbeschränkt)). So all customers who have the version using electron-updater 6.1.9 won't be able to automatically update our application.

I tried multiple different things and figured out that in 6.1.8 the certificate was accepted as usual and starting from 6.1.9 until the latest version, 6.2.1, it does not accept the certificate anymore.

When the auto-updater is run, I get the following log outputs:
[Two screenshots of the log output: 2024-03-31 13-05-09@2x and 2024-03-31 13-07-25@2x]

I tried everything I could imagine. The Windows Version does not matter, the OS language is not a problem, I tried the PowerShell commands which return the certificate information from the electron-updater source code, but everything seems correct.

Now I have to figure out how to notify our customers to manually update the application on all devices...

So the only change between 6.1.8 and 6.1.9 that's related to signing verification is this diff:
https://github.com/electron-userland/electron-builder/compare/electron-updater@6.1.8...electron-updater@6.1.9#diff-91fab3cd539f30ee3e335abd198fa27b33da0d3c19672f5e374cbc130b7010ea
It fixes this issue: #7127

Can you copy-paste your full issuer DN (or sample DN with your special characters) and I can create a unit test for this. Electron-builder already has multiple unit tests for signature validation and it was added to codesigning unit test CI node, but it doesn't verify special characters. I'll need to create a self-signed cert locally with the special characters provided to repro your issue.

As with all electron-updater version changes, it is highly advised to be tested internally before deploying to users. This is a necessary element of any release process.

Yeah, I already looked into the diffs and I also ran both PowerShell commands with the signed installer, and it seemingly produced the same output. The certificate has not changed, also the Windows Version is the same. The Windows executable is built on a Mac, but also the Mac has not changed and when reverting back to 6.1.8 it was working again. So that's the strange part.

A full DN similar to our Company name would be:
C=DE
S=Bavaria
L=Munich
O=Company UG (haftungsbeschränkt)
CN=Company UG (haftungsbeschränkt)

Also quite common German special characters are äüöß.
So, for example, CN=Müller GmbH, or CN=Möbel AG

Sounds good, I'll try and repro this locally on my arm64 Windows VM. Currently swamped with work though.
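
Added example, not part of the thread and not electron-updater code: a sketch of the kind of check the requested unit test could make, using the sample DN posted above. It compares the publisher CN after Unicode normalization and flags a name that looks like UTF-8 decoded with the wrong encoding. The thread does not establish that either effect is the cause of the rejection; all function names are hypothetical.

```javascript
// Added illustration, not electron-updater code. All function names are hypothetical.
// Sample DN from the thread; \u00e4 is "ä" (escaped so the file encoding cannot alter it).
const SAMPLE_DN = [
  "C=DE", "S=Bavaria", "L=Munich",
  "O=Company UG (haftungsbeschr\u00e4nkt)",
  "CN=Company UG (haftungsbeschr\u00e4nkt)",
].join("\n");

// Parse a DN written one attribute per line or comma-separated into { KEY: value }.
// A comma only splits when followed by "KEY=", so commas inside a value survive.
function parseDn(dn) {
  const attrs = {};
  for (const part of dn.split(/\r?\n|,\s*(?=[A-Za-z]+=)/)) {
    const idx = part.indexOf("=");
    if (idx < 1) continue; // skip blank or malformed fragments
    attrs[part.slice(0, idx).trim().toUpperCase()] = part.slice(idx + 1).trim();
  }
  return attrs;
}

// Exact comparison after NFC normalization: "ä" as U+00E4 equals "a" + U+0308.
function samePublisher(expected, actual) {
  return expected.normalize("NFC") === actual.normalize("NFC");
}

// Simulate tool output that was emitted as UTF-8 but decoded with another encoding.
function decodeAs(text, encoding) {
  return Buffer.from(text, "utf8").toString(encoding);
}

// UTF-8 read as Latin-1 turns "ä" into "Ã¤"; a failed decode leaves U+FFFD.
function looksMisdecoded(s) {
  return /\uFFFD|\u00C3[\u0080-\u00BF]/.test(s);
}

// Classify the result. Anything other than "match" must still reject the update;
// the label only tells the operator whether to look at decoding or at the certificate.
function checkPublisher(expectedName, reportedDn) {
  const cn = parseDn(reportedDn).CN ?? "";
  if (samePublisher(expectedName, cn)) return "match";
  return looksMisdecoded(cn) ? "encoding-mismatch" : "different-publisher";
}

console.log(checkPublisher("Company UG (haftungsbeschr\u00e4nkt)", SAMPLE_DN));
console.log(checkPublisher("Company UG (haftungsbeschr\u00e4nkt)", decodeAs(SAMPLE_DN, "latin1")));
```

The "encoding-mismatch" label is a diagnostic hint only: the comparison stays exact, so a mis-decoded or different name never passes verification.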