Shahar100
Level 2

Digital Signing an installation package

We need to secure our Installation package with a digital signature.

I'll start with the question: (TL;DR)

What are the requirements from the created certificate in order to use it to sign an InstallShield package?

We didn't find any specifications in the user manual, InstallShield help or any other documentation or knowledge base.

There are many certificate types, certificate features and encryption methods available. Some features are blocked for us by our IT, so we need to know the specific requirements/features that are needed to be able to sign our package.

And here are all the details:

Our project is an InstallScript MSI, in a Binary format.
The interface type is in the Traditional Style (Released as a Setup.exe file).

We have created self-signed certificates in the Windows 10 Certificate store.
These are backed by our internal Certificate Authority.
When trying to sign the package we couldn't use any of our certificates in the Personal Certificates folder.
Only after exporting the certificate and importing it back into the "Trusted Root Certification Authorities" folder could we manage to sign the files inside the package (it also took time to get this to work).
When trying to sign the package file by changing the "Sign Output Files" property.

No matter what option is selected and which certificate is used, we get the same error: 
ISDEV : error -6259: Internal build error

And some of the times we get these errors too:
ISDEV : error -6258: An error occurred extracting digital signature information from file "****\standard\singleEXE\DiskImages\DISK1\Installation Package.msi". Make sure the digital signature information provided in the IDE is correct.

ISDEV : error -6003: An error occurred streaming '****\standard\singleEXE\DiskImages\DISK1\Installation Package.isc' into setup.exe

The password is correct, the pfx file exists and it contains the private-key, and in case of a certificate from a store, we tried every available folder, and also tried the current user and the local computer certificates.
We also tried creating general-purpose self-signed certificates using OpenSSL; these didn't work either.

Thanks,
Shahar

Jenifer
Flexera Alumni

Hi @Shahar100 ,

Answering your question:

 

Thanks,

Jenifer


I'm having the same problem with error 6259.

I tested with signtool and all is well. I can also see that the files included in the installer are being signed. The file certificates.msi gets created and signed and then I get the error:

Media table successfully built
Started signing certificate.msi ...
ISDEV : error -6259: Internal build error
ISDEV : fatal error -5087: Stop at first error

OCT System Software\Release - 2 error(s), 3 warning(s)


I found my problem. I needed to add my CA to the root store since this was a self-signed certificate.

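A diagnostic for the cause identified in this thread (a self-signed or internal-CA certificate whose root is not in the trusted root store), as an added example that is not part of the original posts and not Flexera's code. It loads a PFX and reports whether it has a private key, allows code signing, is within its validity period, and chains to a root this machine trusts; these are general Authenticode checks, not documented InstallShield requirements, and `$PfxPath` is a placeholder for your own file.

```powershell
using namespace System.Security.Cryptography.X509Certificates

param([Parameter(Mandatory)][string]$PfxPath)   # assumption: path to the PFX under test

$codeSigningOid = '1.3.6.1.5.5.7.3.3'           # id-kp-codeSigning
$password = Read-Host -AsSecureString -Prompt 'PFX password'
$cert = [X509Certificate2]::new((Resolve-Path $PfxPath).Path, $password)

# 1. Signing needs the private key, not just the public certificate.
$hasKey = $cert.HasPrivateKey

# 2. If an EKU extension is present it must list Code Signing;
#    a certificate with no EKU extension is not restricted by purpose.
$eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
$ekuOk = (-not $eku) -or
         (($eku.EnhancedKeyUsages | ForEach-Object Value) -contains $codeSigningOid)

# 3. The certificate must be inside its validity window.
$now = Get-Date
$inDate = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

# 4. The chain must end in a root this machine trusts. Revocation checking is
#    disabled here (assumption: an internal CA's CRL may not be reachable).
$chain = [X509Chain]::new()
$chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
$trusted = $chain.Build($cert)
$status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

[pscustomobject]@{
    Subject        = $cert.Subject
    Thumbprint     = $cert.Thumbprint
    HasPrivateKey  = $hasKey
    CodeSigningEku = $ekuOk
    WithinValidity = $inDate
    ChainTrusted   = $trusted
    ChainStatus    = if ($status) { $status } else { 'NoError' }
}

if (-not $trusted) {
    Write-Warning 'Chain does not build to a trusted root on this machine.'
}
```

A `ChainStatus` of `UntrustedRoot` is the condition the last reply resolved by adding the issuing CA to the root store.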