This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Re: Installing Certificates (.pfx, .cer) as part of Installer
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
‎Oct 19, 2009
03:09 PM
Installing Certificates (.pfx, .cer) as part of Installer
Installshield 2010 allows us to install certificates on server. How can I specify target location for certificates to be installed? I want certificates to get installed in "Trusted People" location at Windows Server 2008.
Please help how I can specify location for certificates in InstallShield 2010?
Thanks.
Naveed
Please help how I can specify location for certificates in InstallShield 2010?
Thanks.
Naveed
(12) Replies
‎Oct 22, 2009
07:34 PM
I haven't looked into this for IS2010 yet. If you want a work around, include the certificate in the binary table, write a custom action to extract the certificate to a temp dir, write another custom action to run Certmgr.exe, and finally write another CA to delete the certificate from the temp dir.
If you want to go this route, I can post some more details for you.
If you want to go this route, I can post some more details for you.
‎Oct 23, 2009
09:22 AM
Ok, here's the basic steps:
1) insert the certificate into the binary table
2) insert certmgr.exe into the binary table (link)
3) add a custom action to extract the certificate to a temp dir - I'm using a CA script named 'ExtractCertificate' that is called after CreateShortcuts in the Install Exec sequence, Immediate Execution:
4) add a property with the same name as the CA created in step 2 and set to the certificate name in the binary table - I'm using Name: 'ExtractBinaryFile', Value: 'MyCert.cer'
5) add a CA to run an executable stored in the binary table - I've named it InstallCertificate
6) add a CA to delete the certificate from the temp dir - I'm using a script CA named CleanupCertificate that is called after the InstallCertificate CA in the Installl Exec Sequence, immediate execution:
1) insert the certificate into the binary table
2) insert certmgr.exe into the binary table (link)
3) add a custom action to extract the certificate to a temp dir - I'm using a CA script named 'ExtractCertificate' that is called after CreateShortcuts in the Install Exec sequence, Immediate Execution:
Dim TempFolder : TempFolder = Session.Property("TempFolder")
Dim BinaryFile : BinaryFile = Session.Property("ExtractBinaryFile")
ExtractBinary BinaryFile, TempFolder & BinaryFile
Function ExtractBinary(BinaryName, OutputFile)
Const msiReadStreamAnsi = 2
Dim oDatabase : Set oDatabase = Session.Database
Dim View : Set View = oDatabase.OpenView("SELECT * FROM Binary WHERE Name = '" & BinaryName & "'")
View.Execute
Dim Record : Set Record = View.Fetch
Dim BinaryData : BinaryData = Record.ReadStream(2, Record.DataSize(2), msiReadStreamAnsi)
Dim FSO : Set FSO = CreateObject("Scripting.FileSystemObject")
Dim Stream : Set Stream = FSO.CreateTextFile(OutputFile, True)
Stream.Write BinaryData
Stream.Close
End Function
4) add a property with the same name as the CA created in step 2 and set to the certificate name in the binary table - I'm using Name: 'ExtractBinaryFile', Value: 'MyCert.cer'
5) add a CA to run an executable stored in the binary table - I've named it InstallCertificate
a) set the Executable Filename to CertMgr.exe
b) set the Command Line to: -add "[TempFolder]\MyCert.cer" -s TrustedPublisher -r localMachine
c) set Return Processing to Synchronous (Check exit code)
d) set In-Script Execution to: Deferred Execution in System Context
e) Set Install Exec Sequence to: After ExtractCertificate
b) set the Command Line to: -add "[TempFolder]\MyCert.cer" -s TrustedPublisher -r localMachine
c) set Return Processing to Synchronous (Check exit code)
d) set In-Script Execution to: Deferred Execution in System Context
e) Set Install Exec Sequence to: After ExtractCertificate
6) add a CA to delete the certificate from the temp dir - I'm using a script CA named CleanupCertificate that is called after the InstallCertificate CA in the Installl Exec Sequence, immediate execution:
Set fso = CreateObject("Scripting.FileSystemObject") : fso.DeleteFile fso.BuildPath(Property("TempFolder"), Property("ExtractBinaryFile")), True
‎Oct 23, 2009
09:44 AM
Is there a way I can keep the certificates out of MSI package? When InstallShield creates an MSI package, it places the certificates in that release folder.
When Installer is run, it picks up the certificates for current directory and installs them. How can I do this in InstallShield 2010?
Thanks
Naveed
When Installer is run, it picks up the certificates for current directory and installs them. How can I do this in InstallShield 2010?
Thanks
Naveed
‎May 21, 2010
09:30 AM
What if you do not a certificate authority to be associated with one particular website? You just want it to show up in certmgr.msc as a root certificate.
Is there a way to have installshield do that other than artificially doing it through regedits (which I did find possible through experimentation)? Regedits are not ideal however.
Is there a way to have installshield do that other than artificially doing it through regedits (which I did find possible through experimentation)? Regedits are not ideal however.
‎May 21, 2010
09:35 AM
Use powershell script to install cert in whatever certificate store you want to. Powershell script can be invoked from a VB script custom action in InstallShield.
Powershell scripting gives all types of parameters and options to install certs.
Powershell scripting gives all types of parameters and options to install certs.
‎Nov 02, 2023
11:17 PM
@Naveed Could you please share some example of powershell script for instalshield
‎May 21, 2010
10:26 AM
where can I find the basic syntax for inserting a cert via powershell?
Also, if I'm correct, this would require an additional download if the person is not using windows 7.
Also, if I'm correct, this would require an additional download if the person is not using windows 7.
‎May 21, 2010
04:34 PM
I got this to work by using a vbscript. How do I make this custom action operate at the end, rather than the beginning, of the file?