‎Apr 25, 2008
11:58 AM
Installing an X.509 Certificate
Summary
Need to install an X.509 Certificate into the Windows Certificate Store for a Windows Communication Foundation (WCF) service. This is not the same as signing the install.
Details
- Client computers will get the certificate with public key (.cer file)
- Server computer will get the certificate with public and private keys (.pfx file)
- The private key in .pfx is password protected.
- Installing requires System context (may be able to get by with just administrator).
Options
- Create a .NET executable and use X509Store via System.Security.Cryptography.X509Certificates namespace. Launch this executable via custom action (deferred in system context).
- Create a VBScript deferred custom action to call into CapiCom.dll.
- Does InstallShield 2008 / Windows Installer natively support adding certificates to the certificate store? Ideally, it would be no different than installing a file during install and automatically removed during uninstall instead of creating custom actions to add/remove.
Any feedback from others on the possible options would be greatly appreciated.
I found a couple of old threads on this topic, but they may or may not apply to InstallShield 2008:
http://community.installshield.com/showthread.php?t=142469
http://community.installshield.com/showthread.php?t=129503
(3) Replies
‎Apr 25, 2008
12:44 PM
There is no native support in MSI ( standard actions ) or InstallShield ( standard custom actions ). There is support in WiX via the Certificates element. It should be possible to create a WiX merge module that implements your certificates story and then consume it in an InstallShield project.
However, I recently deployed a VSTO application that had to publish various certificates to the store. I went with the Custom Action route and didn't bother making it data driven since it was only a handful of CA's that will never change and I doubt I'll need to do this again anytime soon.
I used a CLR 2.0 ComVisible C# Class and called it via InstallScript DotNetCoCreateObject(). With IS2009 I would skip the InstallScript and go straight for the Managed CA type. I explored the Win32 and COM interfaces and didn't like what I saw. http://blog.deploymentengineering.com/2008/01/capicom-ugh.html
If you would like some sample code, I can provide it tonight.
‎Jan 19, 2009
03:32 PM
Hey ya,
How did you solve this issue?
thanks
AaronM wrote:
Summary
Need to install an X.509 Certificate into the Windows Certificate Store for a Windows Communication Foundation (WCF) service. This is not the same as signing the install.
Details
- Client computers will get the certificate with public key (.cer file)
- Server computer will get the certificate with public and private keys (.pfx file)
- The private key in .pfx is password protected.
- Installing requires System context (may be able to get by with just administrator).
Options
- Create a .NET executable and use X509Store via System.Security.Cryptography.X509Certificates namespace. Launch this executable via custom action (deferred in system context).
- Create a VBScript deferred custom action to call into CapiCom.dll.
- Does InstallShield 2008 / Windows Installer natively support adding certificates to the certificate store? Ideally, it would be no different than installing a file during install and automatically removed during uninstall instead of creating custom actions to add/remove.
Any feedback from others on the possible options would be greatly appreciated.
I found a couple of old threads on this topic, but they may or may not apply to InstallShield 2008:
http://community.installshield.com/showthread.php?t=142469
http://community.installshield.com/showthread.php?t=129503
‎Jan 19, 2009
03:41 PM
I create a .NET executable and use X509Store via System.Security.Cryptography.X509Certificates namespace. Launch this executable via custom action (deferred in system context).
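C# code...
[CODE]
using System.Security.Cryptography.X509Certificates;

// Open the certificate store
X509Store store = new X509Store( ... );
store.Open( OpenFlags.ReadWrite );
// Add the certificate
string password; // assign accordingly
byte[] buffer; // assign accordingly
// MachineKeySet puts the private key in the machine key store;
// PersistKeySet keeps the key on disk after the import completes
X509Certificate2 cert = new X509Certificate2( buffer, password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet );
store.Add( cert );
// Release the store handle
store.Close();
[/CODE]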
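
The helper-executable approach discussed in this thread, written out as an added example (not code from any poster): one console program that adds a .cer or .pfx on install and removes the certificate by thumbprint on uninstall, so the install and uninstall custom actions can share it. The `CertTool` name, the argument layout, the `My`/`LocalMachine` store and the idea of reading the .pfx password from a file (so it stays off the command line) are all assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

// Hypothetical usage (argument layout is an assumption of this example):
//   CertTool install <file.cer>
//   CertTool install <file.pfx> <passwordFile>
//   CertTool remove  <thumbprint>
static class CertTool
{
    // Assumed target store: machine-wide "Personal" store.
    const StoreName Name = StoreName.My;
    const StoreLocation Location = StoreLocation.LocalMachine;

    static int Main(string[] args)
    {
        if (args.Length < 2) return 2;
        X509Store store = new X509Store(Name, Location);
        try
        {
            store.Open(OpenFlags.ReadWrite);   // needs administrator or System
            if (args[0] == "install")
            {
                store.Add(Load(args[1], args.Length > 2 ? args[2] : null));
                return 0;
            }
            if (args[0] == "remove")
            {
                // validOnly = false so an expired certificate is still found.
                foreach (X509Certificate2 c in store.Certificates.Find(
                             X509FindType.FindByThumbprint, args[1], false))
                    store.Remove(c);
                return 0;
            }
            return 2;
        }
        catch (Exception ex) { Console.Error.WriteLine(ex.Message); return 1; }
        finally { store.Close(); }
    }

    static X509Certificate2 Load(string path, string passwordFile)
    {
        byte[] raw = File.ReadAllBytes(path);
        if (passwordFile == null)
            return new X509Certificate2(raw);  // .cer: public key only
        string password = File.ReadAllText(passwordFile).Trim();
        // MachineKeySet: key goes to the machine key store, not a user profile.
        // PersistKeySet: key remains after this process exits.
        // Exportable is deliberately not set, so the key cannot be exported again.
        return new X509Certificate2(raw, password,
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
    }
}
```

The non-zero exit codes let the custom action fail the install when the import does not succeed; the password file should be readable only by the installing account and deleted once the import returns.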