This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Knowledge Base
- :
- Signing with a RFC 3161 Timestamp Server
Subscribe
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Signing with a RFC 3161 Timestamp Server
Signing with a RFC 3161 Timestamp Server
Summary
Discussion on specifying a RFC 3161 URL and workaround when digitally signing with InstallShield.Symptoms
When using Signtool, the /tr command line parameter allowed users to specify the URL of the RFC 3161 time stamp server. There is no direct method or workaround in InstallShield 2015 to specify the URL of a RFC 3161 time stamp server.Cause
In older versions of InstallShield, the following entry ?<DigitalSignature Timestamp="http://timestamp.verisign.com/scripts/timstamp.dll"/> in the settings.xml could be modified to <DigitalSignature Timestamp="http://timestamp.geotrust.com/tsa"/> to utilize this feature. Due to the changes in signing in InstallShield 2015, this workaround prevents the installation from being signed correctly.Steps To Reproduce
- Create a new Basic MSI project
- Go to Media -> Release
- Create a new Product Configuration
- Create a new Release
- Select signing tab, specify a valid certificate
- Build and run setup, setup is signed with timestamp correctly
- Close InstallShield
- Open an Administrative Notepad.exe
- File -> Open? to InstallShield\2015\Support\0409 and specify Settings.xml
- Change the line of <DigitalSignature Timestamp="http://timestamp.verisign.com/scripts/timstamp.dll"/> to <DigitalSignature Timestamp="http://timestamp.geotrust.com/tsa"/> to try and workaround the issue
- Save the file
- Open InstallShield and build the project
- A -7346 warning occurs that it was signed with a SHA-1 certificate and the resulting file does not have a valid timestamp
Resolution
This issue was originally submitted to our Engineering team and was tracked under issue #IOJ-1732554. The issue has been resolved in InstallShield 2016, please see the InstallShield 2016 release notes in the Related Documents section below for additional information.Workaround
At this time, it is suggested to sign manually using signtool.exe post build to specify the /tr command line.Related Documents
Signtool.exe (Sign Tool) - MSDN ArticleInstallShield 2016 Release Notes - InstallShield 2016 Release Notes
No ratings