I haven't looked into this for IS2010 yet. If you want a work around, include the certificate in the binary table, write a custom action to extract the certificate to a temp dir, write another custom action to run Certmgr.exe, and finally write another CA to delete the certificate from the temp dir.

If you want to go this route, I can post some more details for you.

Hello Klocounte,
please post a workaround about your proposal.

Yes. Please post a workaround/ solution. I just need to get it done by any way.

Thanks.
Naveed

Ok, here's the basic steps:

1) insert the certificate into the binary table

2) insert certmgr.exe into the binary table (link)

3) add a custom action to extract the certificate to a temp dir - I'm using a CA script named 'ExtractCertificate' that is called after CreateShortcuts in the Install Exec sequence, Immediate Execution:

Dim TempFolder : TempFolder = Session.Property("TempFolder") 
Dim BinaryFile : BinaryFile = Session.Property("ExtractBinaryFile") 
ExtractBinary BinaryFile, TempFolder & BinaryFile 

Function ExtractBinary(BinaryName, OutputFile) 
Const msiReadStreamAnsi = 2 

Dim oDatabase : Set oDatabase = Session.Database 

Dim View : Set View = oDatabase.OpenView("SELECT * FROM Binary WHERE Name = '" & BinaryName & "'") 
View.Execute 
Dim Record : Set Record = View.Fetch 
Dim BinaryData : BinaryData = Record.ReadStream(2, Record.DataSize(2), msiReadStreamAnsi) 

Dim FSO : Set FSO = CreateObject("Scripting.FileSystemObject") 
Dim Stream : Set Stream = FSO.CreateTextFile(OutputFile, True) 
Stream.Write BinaryData 
Stream.Close 
End Function 

4) add a property with the same name as the CA created in step 2 and set to the certificate name in the binary table - I'm using Name: 'ExtractBinaryFile', Value: 'MyCert.cer'

5) add a CA to run an executable stored in the binary table - I've named it InstallCertificate


6) add a CA to delete the certificate from the temp dir - I'm using a script CA named CleanupCertificate that is called after the InstallCertificate CA in the Installl Exec Sequence, immediate execution:

Set fso = CreateObject("Scripting.FileSystemObject") : fso.DeleteFile fso.BuildPath(Property("TempFolder"), Property("ExtractBinaryFile")), True

Is there a way I can keep the certificates out of MSI package? When InstallShield creates an MSI package, it places the certificates in that release folder.

When Installer is run, it picks up the certificates for current directory and installs them. How can I do this in InstallShield 2010?

Thanks
Naveed

Rather than put the certificate in the binary table, put it in the Support Files area. The disadvantage to doing that is that the user will need access to the install when doing maintenance.

What if you do not a certificate authority to be associated with one particular website? You just want it to show up in certmgr.msc as a root certificate.

Is there a way to have installshield do that other than artificially doing it through regedits (which I did find possible through experimentation)? Regedits are not ideal however.

Use powershell script to install cert in whatever certificate store you want to. Powershell script can be invoked from a VB script custom action in InstallShield.

Powershell scripting gives all types of parameters and options to install certs.

where can I find the basic syntax for inserting a cert via powershell?

Also, if I'm correct, this would require an additional download if the person is not using windows 7.

I got this to work by using a vbscript. How do I make this custom action operate at the end, rather than the beginning, of the file?