This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Knowledge Base
- :
- Build Warning -7346
Subscribe
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Build Warning -7346
Build Warning -7346
Summary
When building an InstallShield 2015 and later project that is signed with a SHA-1 certificate, ISDEV: warning -7346 occurs.Symptoms
When building an InstallShield 2015 and later project that is signed with a SHA-1 certificate the following error occurs:ISDEV : warning -7346: The files in this release are being signed with a SHA-1 certificate. Windows will not trust files that were signed with SHA-1 certificates if they were signed after January 1, 2016
Cause
This warning occurs if your project is configured to use a SHA-1 certificate to digitally sign your release at build time.Starting January 1, 2016, Windows 7 and higher (and its Windows Server counterparts) will no longer trust any code that is signed with a SHA-1 code signing certificate and that contains a timestamp value greater than January 1, 2016. This restriction will not apply to the timestamp certificate or the certificate?s signature hash until January 1, 2017, after which time, Windows will treat any SHA-1 timestamp or signature hash as if the code did not have a timestamp signature.
In light of this, InstallShield 2015 has revised the way it signs installation and files at build time in order to support signing with SHA-256 certificates. Additionally, InstallShield will automatically use a SHA-256 hash in the signature of the files that it signs at build time if the project has been configured to sign with a SHA-256 certificate. SHA-256 is favored over SHA-1, which is being deprecated because of the potential for security vulnerabilities.
Resolution
It is recommended that you replace any SHA-1 certificates in your InstallShield projects with SHA-256 certificates. In InstallShield, to replace a SHA-1 certificate with a SHA-256 certificate for signing your releases, use the Signing tab in the Releases view to replace the reference to the current certificate with one for a SHA-256 certificate.Additional Information
For more information on the SHA-256 policy Microsoft is enforcing with Windows along with information on Windows Vista/Server 2008 requiring a SHA-1 signature, please refer to the following article: Windows Enforcement of Authenticode Signing and TimestampingFor more information on how InstallShield 2015 handles digital signing, please refer to the Support for SHA-256 Digital Certificates section of the InstallShield 2015 Release Notes: InstallShield 2015 Release Notes
For more information on digital signing and security, please refer to the following HelpNet article: Digital Signing and Security
No ratings
