Signing Tab for a Release
InstallShield 2022 » Releases View » Release
Project:The Signing tab is available in the following project types:
• | Advanced UI |
• | Basic MSI |
• | InstallScript |
• | InstallScript MSI |
• | InstallScript Object |
• | Merge Module |
• | Suite/Advanced UI |
The Signing tab is where you specify the digital signature information—including the digital certificate files that a certification authority grated to you—that InstallShield should use to sign your files. It is also where you specify which files in your installation should be digitally signed at build time.
Setting |
Project Type |
Description |
||||||||||||||||||
Sign Setup.exe File |
Advanced UI, Suite/Advanced UI |
Specify whether you want to sign the Advanced UI or Suite/Advanced UI installation. |
||||||||||||||||||
Certificate URL |
Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI |
Type a fully qualified URL—for example, http://www.mydomain.com. This URL is used in your digital signature to link to a site that you would like end users to visit to learn more about your product, organization, or company. |
||||||||||||||||||
Digital Certificate Information |
Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI |
To specify the digital certificate that you want to use to sign your release, click the ellipsis button (...) in this setting. The Certificate Selection dialog box opens, enabling you to specify either the location of the .pfx file or information about the certificate store that contains the certificate. To learn more, see Certificate Selection Dialog Box. After specifying the digital certificate, the below will be displayed:
|
||||||||||||||||||
Certificate Password |
Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI |
If the .pfx file that you are using has a password, enter it. InstallShield encrypts the password and stores it in your project file (.ism). At build time, InstallShield uses the password to sign files with a .pfx file. If your certificate is protected by a password but you do not enter it in this setting, signing with a .pfx file fails. Note that if you configure your project to use a certificate that was imported with password protection into a store, Windows prompts for the password at build time when InstallShield is attempting to sign your project’s files. The strong key protection that Windows uses does not permit InstallShield to provide the password to the cryptographic provider. |
||||||||||||||||||
Sign Output Files |
Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module |
Specify which files you want to be signed. Available options are:
This option is available for InstallScript projects.
This option is available for Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, and Merge Module projects.
This option is available for Basic MSI, InstallScript, and InstallScript MSI projects.
This option is available for InstallScript projects.
This option is available for Basic MSI and InstallScript MSI projects.
This option is available for Basic MSI, InstallScript MSI, and Merge Module projects. |
||||||||||||||||||
Signature Description |
Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI |
Specify the signature description that you want to use for files that are specified in the Sign Output Files setting. The description that you specify is displayed on the User Account Control (UAC) box to the right of the “Program Name:” label. The UAC dialog box opens when an end user launches the signed file and elevated privileges are required. If you leave this setting blank, InstallShield uses the name of the file without its extension as the description to the right of the “Program Name:” label on the UAC dialog box. Note that if you use the Sign Files in Package setting and its subsettings to sign the files in your package, InstallShield does not use this signature description for the UAC dialog box of the files in your package that are signed at build time. |
||||||||||||||||||
Sign Files in Package |
Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module |
Specify whether you want to sign any of the files in your release. If you select Yes, use the Include Patterns and Files setting and the Exclude Patterns and Files setting to indicate which files should be signed. Windows Logo Guideline:All executable files (including .exe, .dll, .ocx, .sys, .cpl, .drv, and .scr files) in an installation must be digitally signed for the Windows logo program. |
||||||||||||||||||
Sign Files That Are Already Signed |
Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module |
If any of the files in your project are already digitally signed, determine whether you want InstallShield to replace those existing digital signatures with the digital signature that you specify on the Signing tab. Note that this affects only files that meet the requirements that are specified in the Include Patterns and Files setting and the Exclude Patterns and Files setting.
The default value is No. |
||||||||||||||||||
Sign Files in Their Original Location |
Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module |
Determine whether you want InstallShield to sign your original files or just the files that are built into the release:
The default value is No. |
||||||||||||||||||
Include Patterns and Files |
Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module |
To specify the files and file patterns that you want to be digitally signed at build time, do one of the following:
|
||||||||||||||||||
Include |
Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module |
Specify the file or file pattern that you want to be digitally signed at build time. Note the following guidelines:
For example, if you want to sign all .exe files, specify the following: *.exe Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to sign all files that match a certain pattern.
To delete the file or file pattern, click the Delete button in this setting. To add another file or file pattern, use the Include Patterns and Files setting. |
||||||||||||||||||
Exclude Patterns and Files |
Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module |
To specify the files and file patterns that you do not want to be digitally signed at build time, do one of the following:
|
||||||||||||||||||
Exclude |
Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module |
Specify the file or file pattern that you do not want to be digitally signed at build time. Note the following guidelines:
For example, if you do not want to sign any .drv files, specify the following: *.drv Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to avoid signing all files that match a certain pattern.
To delete the file or file pattern, click the Delete button in this setting. To add another file or file pattern, use the Exclude Patterns and Files setting. |
See Also
Digitally Signing a Release and Its Files at Build Time
Digitally Signing a Release After It Has Been Built From the Command Line