Nov 20, 2018
11:14 AM
I should add that I'm using 2018 R2. Did not try it before that.
... View more
Nov 20, 2018
11:09 AM
If I use the certificate store option, instead of the PFX file option it seems to work for me. I have my EV device set to just prompt for the password once per day.
... View more
Feb 28, 2018
05:40 PM
On my computer 2018 takes about 6 seconds and 2016 takes about 4 seconds. That is just the launch without loading any project on launch.
... View more
Nov 09, 2017
06:45 PM
Any plans to support EV Code Signing Certificates? They are getting to be a requirement for software distribution since they bypass the SmartScreen reputation building phase. Seems like newer versions of Windows 10 are more particular about programs without EV Code Signing. Our solution is to pre-sign all the executables and post sign the MSI file after InstallShield creates it. Using the security token does not seem to work with InstallShield as there does not seem to be any way to pass all the required signtool parameters. I'm not even sure if InstallShield uses signtool anymore, but it would be nice if we could simply pass in a signtool command line like Visual Studio allows.
... View more
- Tags:
- code sign
Labels
- Labels:
-
InstallShield 2016
Aug 30, 2016
01:20 PM
Thanks for confirming half of my bug report. The EXE installers I create are pure Installscript projects, thus I DO see the bug in those. I agree that MSI projects do NOT have the bug, after I took my own advice I tried it for myself, again. Hopefully you can get the Installscript bug fixed at some point. These are trusty updater type Installscripts that started out in InstallShield 3.0 way back in the 90s. The source location for some of the .exe files included are shared between the .MSI based installs and the pure Installscript EXE based installs so I either need to pre-sign the EXEs or have InstallShield do the signing, so I guess I will need to continue to pre-sign until you can get the Installscript bug fixed.
... View more
Aug 26, 2016
08:17 PM
The problem exists in both Basic MSI projects which result in a single MSI file and Installscript projects which result in a single EXE file. The only files which are not time stamped properly are unsigned EXE files which are listed in the to be signed filter list. It appears that in both cases the settings.xml file setting for the Time Stamp server is ignored. Even though the settings.xml file specifies a SHA256 time stamp server and the PFX file that I supply is an SHA256 certificate, the time stamp applied to these files in the filter list are always signed by your default SHA1 time stamp server, not the SHA256 server listed in the settings.xml file. Surely you could simply try it yourselves to see what happens.
... View more
Aug 26, 2016
04:06 PM
The files in the filter list are not already signed. The single MSI file or EXE file is properly signed with the supplied PFX file and time stamped with the SHA256 time stamp server from the settings.xml file. The unsigned files that get signed with the filter are signed with the supplied PFX file, but time stamped with the default SHA1 time server, which seems to be hard coded in your isdev.exe program rather than from the settings.xml time stamp server. Rather than quoting to me how it is supposed to work, why not just try it yourself and see what happens. In the meantime I have switched to pre-signing the unsigned files using signcode, and removing the files from the signing filter.
... View more
Aug 25, 2016
12:24 PM
To get SHA256 time stamps I changed the settings.xml file timestamp entries to look like this: so that the time stamps would be SHA256. This works on the MSI and EXE files that get built by InstallShield. These files show an SHA256 time stamp. Symantec SHA256 TimeStamping Signer - G1 However, unsigned EXE files embedded in the MSI and EXE installers that I have InstallShield sign via the Releases signing tab, Include patterns and files option still get timestamped with an SHA1 signature: Symantec Time Stamping Services Signer - G4 It is still unclear to me the importance of having SHA256 time stamps. So far, I have not seen it addressed in any of the Microsoft sky is falling SHA256 documents, but it would be nice if there was a way to make this work for EXE files signed via the Patterns and Files option.
... View more
Labels
- Labels:
-
InstallShield 2016
May 06, 2016
10:32 AM
just export to PFX, assign a password and go from there
... View more
Oct 01, 2015
03:04 PM
I am able to sign and timestamp my own exe files using signtool with my new sha256 verisign authenticode certificate. The signature works fine from windows 7 to 10. Both the signature and timestamp use sha256. However, I am unable to get the InstallShield 2015 to properly timestamp my MSI installer. By default it uses the non-sha256 timestamper supplied by verisign. If I edit the settings.XML file to use the same sha-256 compliant timestamper that I use on my exe files (http://timestamp.entrust.net/TSS/RFC3161sha2TS), the time stamp gets left out of the MSI file. So I end up with a signed MSI file that has no timestamp. I suppose this is not surprising since the settings.xml file does not let you specify any of the required signtool parameters when you switch to sha256. Is there any chance the InstallShield 2015 will be updated to fully support sha256 certificates and sha256 timestamping? My main reason for using InstallShield 2015 was to be ready for Microsoft's forced sha256 authenticode requirements.
... View more
Labels
- Labels:
-
InstallShield 2015
Latest posts by delderkidasa
Subject | Views | Posted |
---|---|---|
1352 | Nov 27, 2018 05:47 PM | |
1352 | Nov 20, 2018 11:14 AM | |
1352 | Nov 20, 2018 11:09 AM | |
706 | Feb 28, 2018 05:40 PM | |
2119 | Nov 09, 2017 06:45 PM | |
2280 | Aug 30, 2016 01:20 PM | |
2280 | Aug 26, 2016 08:17 PM | |
2280 | Aug 26, 2016 04:06 PM | |
8432 | Aug 25, 2016 12:24 PM | |
699 | May 06, 2016 10:32 AM |
Activity Feed
- Posted Re: EV Code Signing Certificate on InstallShield Forum. Nov 27, 2018 05:47 PM
- Posted Re: EV Code Signing Certificate on InstallShield Forum. Nov 20, 2018 11:14 AM
- Posted Re: EV Code Signing Certificate on InstallShield Forum. Nov 20, 2018 11:09 AM
- Posted Re: Startup of IS2018 on InstallShield Forum. Feb 28, 2018 05:40 PM
- Posted EV Code Signing Certificate Support on InstallShield Forum. Nov 09, 2017 06:45 PM
- Tagged EV Code Signing Certificate Support on InstallShield Forum. Nov 09, 2017 06:45 PM
- Posted Re: Still have SHA256 timestamp issue in released InstallShield 2016 on InstallShield Forum. Aug 30, 2016 01:20 PM
- Posted Re: Still have SHA256 timestamp issue in released InstallShield 2016 on InstallShield Forum. Aug 26, 2016 08:17 PM
- Posted Re: Still have SHA256 timestamp issue in released InstallShield 2016 on InstallShield Forum. Aug 26, 2016 04:06 PM
- Posted Still have SHA256 timestamp issue in released InstallShield 2016 on InstallShield Forum. Aug 25, 2016 12:24 PM
- Posted Re: Digital Signature - Switch to Certificate Store NOT Working :-( on InstallShield Forum. May 06, 2016 10:32 AM
- Posted cannot get sha256 timestamps to work on InstallShield Forum. Oct 01, 2015 03:04 PM