This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
delderkidasa
Level 3
‎Oct 01, 2015 03:04 PM

cannot get sha256 timestamps to work

I am able to sign and timestamp my own exe files using signtool with my new sha256 verisign authenticode certificate. The signature works fine from windows 7 to 10. Both the signature and timestamp use sha256.

However, I am unable to get the InstallShield 2015 to properly timestamp my MSI installer.

By default it uses the non-sha256 timestamper supplied by verisign. If I edit the settings.XML file to use the same sha-256 compliant timestamper that I use on my exe files (http://timestamp.entrust.net/TSS/RFC3161sha2TS), the time stamp gets left out of the MSI file. So I end up with a signed MSI file that has no timestamp.

I suppose this is not surprising since the settings.xml file does not let you specify any of the required signtool parameters when you switch to sha256.

Is there any chance the InstallShield 2015 will be updated to fully support sha256 certificates and sha256 timestamping?

My main reason for using InstallShield 2015 was to be ready for Microsoft's forced sha256 authenticode requirements.
Labels (1)
Labels
0 Kudos
(2) Replies
chad_smith2
Level 2
‎Apr 01, 2016 11:14 AM

Hoping that there is a solution here. Does changing the settings.xml file to a new time server work for anyone else?
0 Kudos
rguggisberg
Level 13
‎Apr 04, 2016 04:01 PM

This does work for me. Are you aware that as of InstallShield 2015 SignTool.exe is no longer distributed with InstallShield? Copy it manually.
0 Kudos