Digital Signing Patch for InstallAnywhere 2015 and above
InstallAnywhere digital signing feature uses a timestamp URL from Symantec which is being decommissioned (more details here) and migrated to Digicert. Signing with new Digicert URL causes a breakage in Digital Signing
When signing an installer with SHA-256 digest, using the new Digicert server (http://timestamp.digicert.com), the resulting installer is signed by SHA-256 digest, but the counter signatures are signed with SHA1 due to an incorrect order in which InstallAnywhere calls the signing APIs
Affected InstallAnywhere Versions
All minor releases of the above releases included
- The issue is resolved in a hotfix that can be downloaded from here. Please note that the hotfix is applicable on the latest service packs of above affected versions.
- Download and extract the contents of the file.
- Copy x86/IAWinDigiSign.exe to <IA_Install_Location>/resource/nativetools/windows
- Copy x64/IAWinDigiSign.exe to <IA_Install_Location>/resource/nativetools/windows64
- After replacing the above files, in your InstallAnywhere project, navigate to Project à Platforms à Windows à Digital Signing and update the Timestamp server field to http://timestamp.digicert.com
If there are any additional issues, please contact our Technical Support team