cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configuring Extended Validation (EV) Certificate information in InstallShield

Configuring Extended Validation (EV) Certificate information in InstallShield

Introduction

Below are the different ways of configuring EV USB eToken based code signing in InstallShield. Note that you will need a SafeNet USB Token connected to a machine where InstallShield software is present. You are also required to install the associated eToken management software from a certificate vendor (example SafeNet Authentication Client).

Instructions

Choosing 'Use a certificate store' option.

Choose EV certificate entry from Personal -> User Certificate store. Please note that private key of EV certificate
is stored on a separate certified hardware modules like USB tokens or HSMs and it is protected using token password. You will be prompted for a token password during signing process when the certificate is accessed from the USB token. There is also an option called 'Enable single logon' setting that comes with EV client software tool (eg. SafeNet Authentication Client) which helps to limit user interventions per session with only one token password request. 

Using Custom Signing Type option.

Use this option to select and configure a custom signing solution to digitally sign build-generated files. This helps to automate the scenarios where the Standard signing option is not suitable. This setting is helpful to override the InstallShield default signing flow with the custom signing solution. Choosing this option enables the additional fields where custom signing utility path and arguments can be configured. For example, you would be able to configure Microsoft Sign Tool from Windows SDK folder to take care of signing task.


Using Custom Signing option to execute batch file.

 

Configuring batch file settings in InstallShield Signing Tab:
image.png


Sample Signing.bat file contents. Use %1 variable as a place holder for the full file path to be signed.
image.png


Using Custom Signing option to execute VB script.


Configuring VB script in InstallShield Signing Tab:
image.png

 

Refer below sample VB script to retrieve the full file path to be signed.image.png


Selecting exported public key certificate file (.cer file exported).

This option also provides possibility to encrypt and store EV token password in the project file.

  1. Open Authentication Client tool associated with USB eToken provider (eg. SafeNet Authentication Client)
  2. Find User certificate and click on Export file option as shown below picture. Save it as ev.cer file

    image.png
  3. Go to Release => Signing Tab view in InstallShield and choose the previously exported .cer file as shown below
     image.png
  4. Configured the below required fields based on the private key properties of a user certificate in EV vendor software.

    image.png

    Private Key Properties:
    image.png

  5. Save and Build the project. 

    InstallShield encrypts and stores an EV token password in the project file. You will get a password prompt from EV vendor if Token Password is not configured.

     
Labels (1)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Jan 03, 2024 06:18 AM
Updated by:
Contributors