Digitally Signing a Release and Its Files at Build Time

InstallShield 2019 Express Edition

InstallShield lets you configure digital signing settings for a release. At build time, InstallShield uses the settings that you have configured to sign your installation package, your Setup.exe file, and any other files in your release that meet the criteria that you have defined.

To configure digital signing for your release and its files:

1. In the View List under Prepare for Release, click Releases.
2. In the Builds explorer, click the release that you want to sign.
3. Click the Signing tab.
4. Configure the following settings as appropriate:
Certificate URL
Digital Certificate File—Click the ellipsis button (...) in this setting. The Certificate Selection dialog box opens, enabling you to specify either the location of the .pfx file or information about the certificate store that contains the certificate.
Certificate Password—Note that if you configure your project to use a certificate that was imported with password protection into a store, Windows prompts for the password at build time when InstallShield is attempting to sign your project’s files. The strong key protection that Windows uses does not permit InstallShield to provide the password to the cryptographic provider.
Signature Description
5. In the Sign Output Files setting, specify which files (Setup.exe, the .msi package, both of those files, or neither of those files) you want to be signed.
6. In the Sign Files in Package setting, specify whether you want to sign additional files in your installation.

If you select Yes, use the other settings under the Sign Files in Package setting to indicate which files and file patterns should be signed and which should not be signed.

Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in an Include setting and in an Exclude setting, InstallShield does not sign any .exe files.

Tip • For detailed information about any of the settings on the Signing tab, see Signing Tab.

At build time, InstallShield signs the files as specified on the Signing tab. If the release is for an installation that includes merge modules, note that the files are signed before the merge module is merged.

See Also