Signing Tab

InstallShield 2012 Spring Express Edition » Releases View » Release

The Signing tab is where you specify the digital signature information—including the digital signature files granted to you by a certification authority—that InstallShield should use to sign your files. It is also where you specify which files in your installation should be digitally signed at build time.

Settings on the Signing Tab

Setting

Media Type

Description

Certificate URL

Custom, CD-ROM, DVD, SingleImage, WebDeployment

Type a fully qualified URL—for example, http://www.mydomain.com. This URL is used in your digital certificate to link to a location you would like end users to visit in order to learn more about your product, organization, or company.

Digital certificate file (SPC or PFX)

Custom, CD-ROM, DVD, SingleImage, WebDeployment

Specify the location of your digital certificate file (.spc or .pfx) provided by a certification authority. You can type the path to the file or use the Browse button to navigate to the file location.

If you specify an .spc file, you must also specify a .pvk file.

Private key file (PVK)

Custom, CD-ROM, DVD, SingleImage, WebDeployment

If you are using an .spc file, you must also specify the location of your private key file (.pvk) provided by a certification authority. You can type the path to the file or use the Browse button to navigate to the file location.

Certificate Password

Custom, CD-ROM, DVD, SingleImage, WebDeployment

If you would like to pass the password for the .pvk file or the .pfx file to ISCmdBld.exe to digitally sign your application while building the release from the command line, type the password in this box. InstallShield encrypts this password and stores it in your project file (.ise).

If you do not specify a password in this box but you are digitally signing the release while building it from the command line, you will need to manually enter the password when you are prompted each time that you build the release from the command line.

Sign Output Files

Custom, CD-ROM, DVD, SingleImage, WebDeployment

Specify which files you want to be signed. Available options are:

None—To avoid signing your installation, select this option.
Setup.exe—To sign your Setup.exe file, select this option.
Setup.exe and Windows Installer Package—To sign your Setup.exe file and your Windows Installer package (.msi), select this option.
Windows Installer Package—To sign your Windows Installer package (.msi), select this option.

Sign Files in Package

Custom, CD-ROM, DVD, SingleImage, WebDeployment

Specify whether you want to sign any of the files in your release.

If you select Yes, use the Include Patterns and Files setting and the Exclude Patterns and Files setting to indicate which files should be signed.

Sign Files That Are Already Signed

Custom, CD-ROM, DVD, SingleImage, WebDeployment

If any of the files in your project are already digitally signed, determine whether you want InstallShield to replace those existing digital signatures with the digital signature that you specify on the Signing tab. Note that this affects only files that meet the requirements that are specified in the Include Patterns and Files setting and the Exclude Patterns and Files setting.

To use the digital signature information that you are providing on the Signing tab to sign a file instead of any existing digital signature information that is already included with the file, select Yes.
To leave the existing digital signature information intact for any files that are already signed, select No.

The default value is No.

Sign Files in Their Original Location

Custom, CD-ROM, DVD, SingleImage, WebDeployment

Determine whether you want InstallShield to sign your original files or just the files that are built into the release:

If you want InstallShield to sign a temporary copy of each file and then use that signed temporary copy to build a release, select No. Note that if you select No, InstallShield will not modify or sign your original files.
If you want InstallShield to sign your original files, select Yes.

The default value is No.

Include Patterns and Files

Custom, CD-ROM, DVD, SingleImage, WebDeployment

To specify the files and file patterns that you want to be digitally signed at build time, do one of the following:

To select one or more file names or file patterns from a list of all of the static files that are currently in your project, as well as file patterns such as *.dll, click the ellipsis button (...) in this setting. The Browse for file dialog box opens, enabling you to select one or more patterns and files. When you are done selecting items, InstallShield adds one or more new Include settings under the Include Patterns and Files setting.
To type a file name or pattern manually, click the Add button in this setting. InstallShield adds a new Include setting under the Include Patterns and Files setting; use this new setting to specify the file name or pattern.

Include

Custom, CD-ROM, DVD, SingleImage, WebDeployment

Specify the file or file pattern that you want to be digitally signed at build time. Note the following guidelines:

To indicate a wild-card character, use an asterisk (*).

For example, if you want to sign all .exe files, specify the following: *.exe

Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to sign all files that match a certain pattern.

Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in an Include setting and in an Exclude setting, InstallShield does not sign any .exe files.

To delete the file or file pattern, click the Delete button in this setting.

To add another file or file pattern, use the Include Patterns and Files setting.

Exclude Patterns and Files

Custom, CD-ROM, DVD, SingleImage, WebDeployment

To specify the files and file patterns that you do not want to be digitally signed at build time, do one of the following:

To select one or more file names or file patterns from a list of all of the static files that are currently in your project, as well as file patterns such as *.dll, click the ellipsis button (...) in this setting. The Browse for file dialog box opens, enabling you to select one or more patterns and files. When you are done selecting items, InstallShield adds one or more new Exclude settings under the Exclude Patterns and Files setting.
To type a file name or pattern manually, click the Add button in this setting. InstallShield adds a new Exclude setting under the Exclude Patterns and Files setting; use this new setting to specify the file name or pattern.

Exclude

Custom, CD-ROM, DVD, SingleImage, WebDeployment

Specify the file or file pattern that you do not want to be digitally signed at build time. Note the following guidelines:

To indicate a wild-card character, use an asterisk (*).

For example, if you do not want to sign any .drv files, specify the following: *.drv

Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to avoid signing all files that match a certain pattern.

Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in an Include setting and in an Exclude setting, InstallShield does not sign any .exe files.

To delete the file or file pattern, click the Delete button in this setting.

To add another file or file pattern, use the Exclude Patterns and Files setting.

See Also

Digital Signing and Security

Digitally Signing a Release and Its Files at Build Time

Changing the Timestamp Server for Digital Signatures

Releases View

InstallShield 2012 Spring Express Edition Help Library

May 2012

 Copyright Information | Contact Us