Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 3

cannot get sha256 timestamps to work

I am able to sign and timestamp my own exe files using signtool with my new sha256 verisign authenticode certificate. The signature works fine from windows 7 to 10. Both the signature and timestamp use sha256.

However, I am unable to get the InstallShield 2015 to properly timestamp my MSI installer.

By default it uses the non-sha256 timestamper supplied by verisign. If I edit the settings.XML file to use the same sha-256 compliant timestamper that I use on my exe files (, the time stamp gets left out of the MSI file. So I end up with a signed MSI file that has no timestamp.

I suppose this is not surprising since the settings.xml file does not let you specify any of the required signtool parameters when you switch to sha256.

Is there any chance the InstallShield 2015 will be updated to fully support sha256 certificates and sha256 timestamping?

My main reason for using InstallShield 2015 was to be ready for Microsoft's forced sha256 authenticode requirements.
Labels (1)
0 Kudos
(2) Replies
Level 2

Hoping that there is a solution here. Does changing the settings.xml file to a new time server work for anyone else?
0 Kudos
Level 13

This does work for me. Are you aware that as of InstallShield 2015 SignTool.exe is no longer distributed with InstallShield? Copy it manually.
0 Kudos