This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Having the same issue. Have you found any solution or received a reply at all?
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Oct 01, 2015
03:04 PM
cannot get sha256 timestamps to work
I am able to sign and timestamp my own exe files using signtool with my new sha256 verisign authenticode certificate. The signature works fine from windows 7 to 10. Both the signature and timestamp use sha256.
However, I am unable to get the InstallShield 2015 to properly timestamp my MSI installer.
By default it uses the non-sha256 timestamper supplied by verisign. If I edit the settings.XML file to use the same sha-256 compliant timestamper that I use on my exe files (http://timestamp.entrust.net/TSS/RFC3161sha2TS), the time stamp gets left out of the MSI file. So I end up with a signed MSI file that has no timestamp.
I suppose this is not surprising since the settings.xml file does not let you specify any of the required signtool parameters when you switch to sha256.
Is there any chance the InstallShield 2015 will be updated to fully support sha256 certificates and sha256 timestamping?
My main reason for using InstallShield 2015 was to be ready for Microsoft's forced sha256 authenticode requirements.
However, I am unable to get the InstallShield 2015 to properly timestamp my MSI installer.
By default it uses the non-sha256 timestamper supplied by verisign. If I edit the settings.XML file to use the same sha-256 compliant timestamper that I use on my exe files (http://timestamp.entrust.net/TSS/RFC3161sha2TS), the time stamp gets left out of the MSI file. So I end up with a signed MSI file that has no timestamp.
I suppose this is not surprising since the settings.xml file does not let you specify any of the required signtool parameters when you switch to sha256.
Is there any chance the InstallShield 2015 will be updated to fully support sha256 certificates and sha256 timestamping?
My main reason for using InstallShield 2015 was to be ready for Microsoft's forced sha256 authenticode requirements.
(2) Replies
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Apr 01, 2016
11:14 AM
Hoping that there is a solution here. Does changing the settings.xml file to a new time server work for anyone else?
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Apr 04, 2016
04:01 PM
This does work for me. Are you aware that as of InstallShield 2015 SignTool.exe is no longer distributed with InstallShield? Copy it manually.