Digital Signature Options Panel

InstallShield 2016 » Release Wizard

The Release Wizard includes the Digital Signature Options panel if you enter digital signature information on the Digital Signature panel.

Use the Digital Signature Options panel to specify which files in your installation should be digitally signed at build time.

Tip • You can also configure digital signature information for a release on the Signing tab in the Releases view.

Settings on the Digital Signature Options Dialog Box

Setting

Project Type

Description

Sign Windows Installer Package

Basic MSI, InstallScript MSI, Merge Module

If you want to sign your Windows Installer package (.msi file), select this check box.

Note • You can sign the Windows Installer package only if version 2.0 or later is selected for the MSI Engine Version setting on the Setup.exe tab.

Sign Media

InstallScript

If you want to digitally sign the media header file (Data1.hdr), select this check box.

Sign Setup.exe

Basic MSI, InstallScript, InstallScript MSI

If you want to sign your Setup.exe file, select this check box.

This setting is applicable only to releases that meet the following criteria:

Single-file Setup.exe
Compressed files
Network image media type

Sign files in package

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

If you want to sign any of the files in your release, select this check box and then use the Include patterns and files and Exclude patterns and files boxes to indicate which files should be signed.

Include patterns and files

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify the files and file patterns that you want to be digitally signed at build time.

Note the following guidelines:

You can type directly in the box. As an alternative, you can click the Files button, which launches the Browse for file dialog box. This dialog box lists all of the static files that are currently in your project. It also lists file patterns such as *.dll, which you can select.
To indicate a wild-card character, use an asterisk (*).

For example, if you want to sign all .exe files, specify the following: *.exe

Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to sign all files that match a certain pattern.

Put each file and each file pattern on its own line, with each separated by a carriage return.
Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in the Include patterns and files box and in the Exclude patterns and files box, InstallShield does not sign any .exe files.

Exclude patterns and files

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify any files and file patterns that you do not want to be digitally signed at build time.

Note the following guidelines:

You can type directly in the box. As an alternative, you can click the Files button, which launches the Browse for file dialog box. This dialog box lists all of the static files that are currently in your project. It also lists file patterns such as *.dll, which you can select.
To indicate a wild-card character, use an asterisk (*).

For example, if you do not want to sign any .drv files, specify the following: *.drv

Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to avoid signing any files that match a certain pattern.

Put each file and each file pattern on its own line, with each separated by a carriage return.
Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in the Include patterns and files box and in the Exclude patterns and files box, InstallShield does not sign any .exe files.

Sign files that are already signed

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

If any of the files in your project are already digitally signed, determine whether you want InstallShield to replace those existing digital signatures with the digital signature that you specify on the Digital Signature panel. Note that this affects only files that meet the requirements that are specified in the Include patterns and files and Exclude patterns and files boxes.

To use the digital signature information that you provided on the Digital Signature panel to sign a file instead of any existing digital signature information that is already included with the file, select this check box.
To leave the existing digital signature information intact for any files that are already signed, clear this check box.

This check box is cleared by default.

Sign files in their original location

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Determine whether you want InstallShield to sign your original files or just the files that are built into the release:

If you want InstallShield to sign a temporary copy of each file and then use that signed temporary copy to build a release, clear this check box. Note that if you clear this check box, InstallShield will not modify or sign your original files.
If you want InstallShield to sign your original files, select this check box.

This check box is cleared by default.

Tip • The benefit of selecting this check box for a Basic MSI or InstallScript MSI project is that it helps create one patch that updates both compressed and uncompressed versions of a release that contains originally unsigned files.

See Also

Digital Signing and Security

Digitally Signing a Release and Its Files at Build Time

Digitally Signing a Release After It Has Been Built From the Command Line

Changing the Timestamp Server for Digital Signatures

InstallShield 2016 Help Library

August 2016

 Copyright Information | Flexera Software

Open topic with navigation