Naveed
Pilgrim

Installing Certificates (.pfx, .cer) as part of Installer

Installshield 2010 allows us to install certificates on server. How can I specify target location for certificates to be installed? I want certificates to get installed in "Trusted People" location at Windows Server 2008.

Please help how I can specify location for certificates in InstallShield 2010?

Thanks.
Naveed
Labels (1)
0 Kudos
11 Replies
Naveed
Pilgrim

Re: Installing Certificates (.pfx, .cer) as part of Installer

Guys, Any help will be highly appreciated!
0 Kudos
klacounte
Pilgrim

Re: Installing Certificates (.pfx, .cer) as part of Installer

I haven't looked into this for IS2010 yet. If you want a work around, include the certificate in the binary table, write a custom action to extract the certificate to a temp dir, write another custom action to run Certmgr.exe, and finally write another CA to delete the certificate from the temp dir.

If you want to go this route, I can post some more details for you.
0 Kudos
Roman1
Flexera beginner

Re: Installing Certificates (.pfx, .cer) as part of Installer

Hello Klocounte,
please post a workaround about your proposal.
0 Kudos
Naveed
Pilgrim

Re: Installing Certificates (.pfx, .cer) as part of Installer

Yes. Please post a workaround/ solution. I just need to get it done by any way.

Thanks.
Naveed
0 Kudos
klacounte
Pilgrim

Re: Installing Certificates (.pfx, .cer) as part of Installer

Ok, here's the basic steps:

1) insert the certificate into the binary table

2) insert certmgr.exe into the binary table (link)

3) add a custom action to extract the certificate to a temp dir - I'm using a CA script named 'ExtractCertificate' that is called after CreateShortcuts in the Install Exec sequence, Immediate Execution:

Dim TempFolder : TempFolder = Session.Property("TempFolder") 
Dim BinaryFile : BinaryFile = Session.Property("ExtractBinaryFile")
ExtractBinary BinaryFile, TempFolder & BinaryFile

Function ExtractBinary(BinaryName, OutputFile)
Const msiReadStreamAnsi = 2

Dim oDatabase : Set oDatabase = Session.Database

Dim View : Set View = oDatabase.OpenView("SELECT * FROM Binary WHERE Name = '" & BinaryName & "'")
View.Execute
Dim Record : Set Record = View.Fetch
Dim BinaryData : BinaryData = Record.ReadStream(2, Record.DataSize(2), msiReadStreamAnsi)

Dim FSO : Set FSO = CreateObject("Scripting.FileSystemObject")
Dim Stream : Set Stream = FSO.CreateTextFile(OutputFile, True)
Stream.Write BinaryData
Stream.Close
End Function



4) add a property with the same name as the CA created in step 2 and set to the certificate name in the binary table - I'm using Name: 'ExtractBinaryFile', Value: 'MyCert.cer'

5) add a CA to run an executable stored in the binary table - I've named it InstallCertificate
a) set the Executable Filename to CertMgr.exe
b) set the Command Line to: -add "[TempFolder]\MyCert.cer" -s TrustedPublisher -r localMachine
c) set Return Processing to Synchronous (Check exit code)
d) set In-Script Execution to: Deferred Execution in System Context
e) Set Install Exec Sequence to: After ExtractCertificate


6) add a CA to delete the certificate from the temp dir - I'm using a script CA named CleanupCertificate that is called after the InstallCertificate CA in the Installl Exec Sequence, immediate execution:

Set fso = CreateObject("Scripting.FileSystemObject") : fso.DeleteFile fso.BuildPath(Property("TempFolder"), Property("ExtractBinaryFile")), True
0 Kudos
Naveed
Pilgrim

Re: Installing Certificates (.pfx, .cer) as part of Installer

Is there a way I can keep the certificates out of MSI package? When InstallShield creates an MSI package, it places the certificates in that release folder.

When Installer is run, it picks up the certificates for current directory and installs them. How can I do this in InstallShield 2010?

Thanks
Naveed
0 Kudos
klacounte
Pilgrim

Re: Installing Certificates (.pfx, .cer) as part of Installer

Rather than put the certificate in the binary table, put it in the Support Files area. The disadvantage to doing that is that the user will need access to the install when doing maintenance.
0 Kudos
austin2359
Pilgrim

Re: Installing Certificates (.pfx, .cer) as part of Installer

What if you do not a certificate authority to be associated with one particular website? You just want it to show up in certmgr.msc as a root certificate.

Is there a way to have installshield do that other than artificially doing it through regedits (which I did find possible through experimentation)? Regedits are not ideal however.
0 Kudos
Naveed
Pilgrim

Re: Installing Certificates (.pfx, .cer) as part of Installer

Use powershell script to install cert in whatever certificate store you want to. Powershell script can be invoked from a VB script custom action in InstallShield.

Powershell scripting gives all types of parameters and options to install certs.
0 Kudos