Revenera Documentation site will be unavailable on July 2nd due to scheduled maintenance. For more information see the status dashboard.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rchand445
Level 5

Improved Digital Signing

Nice job on improving the digital signing process!
Labels (1)
0 Kudos
7 Replies
MichaelU
Level 12 Flexeran
Level 12 Flexeran

Thanks! Have you already switched over to using a .pfx certificate, and have you had any problems doing so, or figuring out how to do so?
0 Kudos
rchand445
Level 5

Actually I have been using a pfx file since last year. I automated the build process using the standalone build module and Nant scripting. At that time I used signtool and the pfx file to sign the install media instead of Installshield's build engine in order to overcome the password prompt during the build process.

To convert my spc and pvk certificate files to a pfx file, I downloaded the pvkimprt tool from microsoft ( www.microsoft.com/downloads/details.aspx?FamilyID=F9992C94-B129-46BC-B240-414BDFF679A7&displaylang=EN) then ran the following command from the command line:

pvkimprt -PFX

The tool asks for an export file name, which you enter as your desired pfx file name.
0 Kudos
Gvarma
Level 7

rchand445 wrote:
Actually I have been using a pfx file since last year. I automated the build process using the standalone build module and Nant scripting. At that time I used signtool and the pfx file to sign the install media instead of Installshield's build engine in order to overcome the password prompt during the build process.

To convert my spc and pvk certificate files to a pfx file, I downloaded the pvkimprt tool from microsoft ( www.microsoft.com/downloads/details.aspx?FamilyID=F9992C94-B129-46BC-B240-414BDFF679A7&displaylang=EN) then ran the following command from the command line:

pvkimprt -PFX

The tool asks for an export file name, which you enter as your desired pfx file name.


Hi,

Is it possible to use Digital Signature part of Installshield outside 2008? Well I sign .DOT and other application binaries (exe, dll, ocx etc) on every day basis and i get between 30 to 100 files everyday, now signing these files everyday manually, one by one is a "paint in the butt (pardon my language)", I was wondering if there is a solution out there , which can be used to collectivly sign files?

TIA
0 Kudos
rchand445
Level 5

Well, now it appears you have two options.

Installshield 2008 allows you to sign dll's, executables, and other files as well as the traditional setup files. I don't have the IDE up and running at the moment, but I believe that this feature is available in the release configuration view.

You can also call Microsoft's version of signtool.exe from a script or batch process. Signtool.exe is available if you install Visual Studio 2005 or Microsoft's Platform SDK. For further information on the use of signtool.exe go here.

Note that this tool is used to sign files for compatiblity with Internet Explorer. To sign files for compatibility with Netscape or Mozilla based browsers, you will need to use Netscape's version of signtool.exe. I'm not sure that this tool is currently supported or available for download.
0 Kudos
LanceRas
Level 7

I too agree that the efforts toward digital signing and signing more than just the installer is a big improvement.
0 Kudos
Gvarma
Level 7

rchand445 wrote:
Well, now it appears you have two options.

Installshield 2008 allows you to sign dll's, executables, and other files as well as the traditional setup files. I don't have the IDE up and running at the moment, but I believe that this feature is available in the release configuration view.

You can also call Microsoft's version of signtool.exe from a script or batch process. Signtool.exe is available if you install Visual Studio 2005 or Microsoft's Platform SDK. For further information on the use of signtool.exe go here.

Note that this tool is used to sign files for compatiblity with Internet Explorer. To sign files for compatibility with Netscape or Mozilla based browsers, you will need to use Netscape's version of signtool.exe. I'm not sure that this tool is currently supported or available for download.


Hi,

Thanks for your response. The signtool.exe is useful when you are signing exe.dll etc what about Macro Enabled Word templates (.dot, docm etc) file. Is there a way to collectivly sing all macro enabled files? its a big pain when you have to open each templates and sign the macro one by one.

TIA
0 Kudos
rchand445
Level 5

Quite frankly I have never had the "pleasure" of digitally signing MS Office documents. Have you seen this article before?

Digitally Sign a Word 2002 Document and Programmatically Retrieve Digital Signature Information
0 Kudos