cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Naveed
Level 6

Installing Certificates (.pfx, .cer) as part of Installer

Installshield 2010 allows us to install certificates on server. How can I specify target location for certificates to be installed? I want certificates to get installed in "Trusted People" location at Windows Server 2008.

Please help how I can specify location for certificates in InstallShield 2010?

Thanks.
Naveed
Labels (1)
0 Kudos
(12) Replies
Naveed
Level 6

Guys, Any help will be highly appreciated!
0 Kudos
klacounte
Level 6

I haven't looked into this for IS2010 yet. If you want a work around, include the certificate in the binary table, write a custom action to extract the certificate to a temp dir, write another custom action to run Certmgr.exe, and finally write another CA to delete the certificate from the temp dir.

If you want to go this route, I can post some more details for you.
0 Kudos
Roman1
Level 9

Hello Klocounte,
please post a workaround about your proposal.
0 Kudos
Naveed
Level 6

Yes. Please post a workaround/ solution. I just need to get it done by any way.

Thanks.
Naveed
0 Kudos
klacounte
Level 6

Ok, here's the basic steps:

1) insert the certificate into the binary table

2) insert certmgr.exe into the binary table (link)

3) add a custom action to extract the certificate to a temp dir - I'm using a CA script named 'ExtractCertificate' that is called after CreateShortcuts in the Install Exec sequence, Immediate Execution:

Dim TempFolder : TempFolder = Session.Property("TempFolder") 
Dim BinaryFile : BinaryFile = Session.Property("ExtractBinaryFile")
ExtractBinary BinaryFile, TempFolder & BinaryFile

Function ExtractBinary(BinaryName, OutputFile)
Const msiReadStreamAnsi = 2

Dim oDatabase : Set oDatabase = Session.Database

Dim View : Set View = oDatabase.OpenView("SELECT * FROM Binary WHERE Name = '" & BinaryName & "'")
View.Execute
Dim Record : Set Record = View.Fetch
Dim BinaryData : BinaryData = Record.ReadStream(2, Record.DataSize(2), msiReadStreamAnsi)

Dim FSO : Set FSO = CreateObject("Scripting.FileSystemObject")
Dim Stream : Set Stream = FSO.CreateTextFile(OutputFile, True)
Stream.Write BinaryData
Stream.Close
End Function



4) add a property with the same name as the CA created in step 2 and set to the certificate name in the binary table - I'm using Name: 'ExtractBinaryFile', Value: 'MyCert.cer'

5) add a CA to run an executable stored in the binary table - I've named it InstallCertificate
a) set the Executable Filename to CertMgr.exe
b) set the Command Line to: -add "[TempFolder]\MyCert.cer" -s TrustedPublisher -r localMachine
c) set Return Processing to Synchronous (Check exit code)
d) set In-Script Execution to: Deferred Execution in System Context
e) Set Install Exec Sequence to: After ExtractCertificate


6) add a CA to delete the certificate from the temp dir - I'm using a script CA named CleanupCertificate that is called after the InstallCertificate CA in the Installl Exec Sequence, immediate execution:

Set fso = CreateObject("Scripting.FileSystemObject") : fso.DeleteFile fso.BuildPath(Property("TempFolder"), Property("ExtractBinaryFile")), True
0 Kudos
Naveed
Level 6

Is there a way I can keep the certificates out of MSI package? When InstallShield creates an MSI package, it places the certificates in that release folder.

When Installer is run, it picks up the certificates for current directory and installs them. How can I do this in InstallShield 2010?

Thanks
Naveed
0 Kudos
klacounte
Level 6

Rather than put the certificate in the binary table, put it in the Support Files area. The disadvantage to doing that is that the user will need access to the install when doing maintenance.
0 Kudos
austin2359
Level 6

What if you do not a certificate authority to be associated with one particular website? You just want it to show up in certmgr.msc as a root certificate.

Is there a way to have installshield do that other than artificially doing it through regedits (which I did find possible through experimentation)? Regedits are not ideal however.
0 Kudos
Naveed
Level 6

Use powershell script to install cert in whatever certificate store you want to. Powershell script can be invoked from a VB script custom action in InstallShield.

Powershell scripting gives all types of parameters and options to install certs.
0 Kudos

@Naveed Could you please share some example of powershell script for instalshield

0 Kudos
austin2359
Level 6

where can I find the basic syntax for inserting a cert via powershell?

Also, if I'm correct, this would require an additional download if the person is not using windows 7.
0 Kudos
austin2359
Level 6

I got this to work by using a vbscript. How do I make this custom action operate at the end, rather than the beginning, of the file?
0 Kudos