Digital Signature Panel

InstallShield 2024 » Release Wizard

The Digital Signature panel enables you to specify digital signature information for your package and the files in your package. Digitally signing your application assures your end users that the code within your application has not been modified or corrupted since publication.

Settings on the Digital Signature Panel

Setting

Description

Certificate URL

Type a fully qualified URL—for example, http://www.mydomain.com. This URL is used in your digital signature to link to a site that you would like end users to visit to learn more about your product, organization, or company.

Digital certificate information

To specify the digital certificate that you want to use to sign your release, click the Browse button next to this setting. The Certificate Selection dialog box opens, enabling you to specify either the location of the .pfx file, certificate file (EV exported .cer file), or information about the certificate store that contains the certificate.

InstallShield provides an option to encrypt and store an EV token password in the project file using the public key certificate (.cer) file. The .cer file is generally created by exporting a public key from the EV Authentication Client tools associated with a USB eToken provider (for example, SafeNet Authentication Client). InstallShield displays additional options to configure the Extended Validation (EV) certificate properties if the .cer file is specified. For more details, see:

Configuring Extended Validation (EV) Digital Certificate Information in InstallShield
Certificate Selection Dialog Box.

After specifying the .pfx file or choosing the certificate from test store, the below will be displayed:

Certificate Thumbprint—This read-only setting displays the certificate thumbprint.
Issued By—This read-only setting displays the certificate issuer information.
Expiration Date—This read-only setting displays the certificate’s expiration date.

After specifying the certificate file (EV exported .cer file), the below settings will be displayed:

Cryptographic Provider—This setting allows you to specify the cryptographic service provider (CSP).
Container Name—This setting allows you to specify the private key container name associated to the cryptographic service provider (CSP).
Token Password—This setting allows you to specify the EV token password which is encrypted and stored in a project file.

Note:Note the following informations while utilizing the settings that appear after specifying the certificate file (EV exported .cer file):

Both the Cryptographic Service Provider (CSP) name and Container name can be obtained from the Private Key Certificate properties of a user certificate in the EV Vendor Authentication Client tool.
An EV certificate vendor determines an EV token password's expiration period and number of invalid password attempts before it is locked. Therefore, selecting this setting requires changing your password in specific intervals.
If an EV token password is locked, unlocking/resetting the token password requires an administrator password.

Certificate password

If the .pfx file that you are using has a password, enter it. InstallShield encrypts the password and stores it in your project file (.ism).

At build time, InstallShield uses the password to sign files with a .pfx file. If your certificate is protected by a password but you do not enter it in this setting, signing with a .pfx file fails.

Note that if you configure your project to use a certificate that was imported with password protection into a store, Windows prompts for the password at build time when InstallShield is attempting to sign your project’s files. The strong key protection that Windows uses does not permit InstallShield to provide the password to the cryptographic provider.

See Also

Digital Signing and Security

Digitally Signing a Release and Its Files at Build Time

Digitally Signing a Release After It Has Been Built From the Command Line

Changing the Timestamp Server for Digital Signatures