This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- New Signing Requirements....
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Feb 09, 2016
08:13 AM
New Signing Requirements....
Hi all,
Real quick question, does IS 2015 handle new .msi and file signing requirements...
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx#Concerns_with_MSIs
... and, if not, will it be coming in a future edition does anyone know?
Thanks for any info!!
Real quick question, does IS 2015 handle new .msi and file signing requirements...
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx#Concerns_with_MSIs
... and, if not, will it be coming in a future edition does anyone know?
Thanks for any info!!
(2) Replies
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Feb 10, 2016
04:16 PM
IS2015 doesn't support dual signing, which is something that is needed in order to deploy installers properly for XP SP3, Vista, Server 2003 and Server 2008 installs.
You can certainly dual-sign your EXE/DLL's outside of IS2015 and set the appropriate settings in IS2015 Project to not resign the signed files.
You can also, if deploying a single file Setup.EXE, dual sign the Setup.EXE outside of IS2015.
The problem will be the MSI file. Until Flexera adds the ability to dual-sign signing the MSI package after combining the files into the MSI package, but prior to including in the Setup.EXE file, it's not going to help much. While it would also be nice to be able to dual sign the included files or final EXE, at least you can do it with Codesign.
I've not verified, but supposedly Installaware supports dual signing. But since my preference has been with Flexera for many years, I simply hope the folks realize that this is important to support still.
You can certainly dual-sign your EXE/DLL's outside of IS2015 and set the appropriate settings in IS2015 Project to not resign the signed files.
You can also, if deploying a single file Setup.EXE, dual sign the Setup.EXE outside of IS2015.
The problem will be the MSI file. Until Flexera adds the ability to dual-sign signing the MSI package after combining the files into the MSI package, but prior to including in the Setup.EXE file, it's not going to help much. While it would also be nice to be able to dual sign the included files or final EXE, at least you can do it with Codesign.
I've not verified, but supposedly Installaware supports dual signing. But since my preference has been with Flexera for many years, I simply hope the folks realize that this is important to support still.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Feb 10, 2016
04:25 PM
LanceRas wrote:
IS2015 doesn't support dual signing, which is something that is needed in order to deploy installers properly for XP SP3, Vista, Server 2003 and Server 2008 installs.
You can certainly dual-sign your EXE/DLL's outside of IS2015 and set the appropriate settings in IS2015 Project to not resign the signed files.
You can also, if deploying a single file Setup.EXE, dual sign the Setup.EXE outside of IS2015.
The problem will be the MSI file. Until Flexera adds the ability to dual-sign signing the MSI package after combining the files into the MSI package, but prior to including in the Setup.EXE file, it's not going to help much. While it would also be nice to be able to dual sign the included files or final EXE, at least you can do it with Codesign.
I've not verified, but supposedly Installaware supports dual signing. But since my preference has been with Flexera for many years, I simply hope the folks realize that this is important to support still.
So the dual signing is really only needed for support of older OSs? If we are not to support the older OSs we can just go with using the newer certificate? I received a reply from IS support on this (http://helpnet.flexerasoftware.com/installshield22helplib/installshield22helplib.htm#StartTopic=helplibrary/whats_newIS2015.htm) and it seems you just have to point to the new certificate file for single signing using the newer type certificate.
I'll have to check with the powers that be to see what we will support and what we will not.
What happens on the newer OSs if we stay with the older certificate - messages of unrecognized publisher, but the installer will continue if user desires?
