- Revenera Community
- :
- InstallShield
- :
- InstallShield Knowledge Base
- :
- Preliminary Troubleshooting Steps for Digital Signing Issues prior to InstallShield 2023 R2
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Preliminary Troubleshooting Steps for Digital Signing Issues prior to InstallShield 2023 R2
Preliminary Troubleshooting Steps for Digital Signing Issues prior to InstallShield 2023 R2
Introduction
This article discusses preliminary troubleshooting steps for digital signing issues with InstallShield versions prior to InstallShield 2023 R2.
Troubleshooting Steps
- Determine the InstallShield Edition (Express, Professional - renamed to InstallShield Edition, Premier) based on the Help > About InstallShield screen.
- Determine the InstallShield project type: Basic MSI, InstallScript, InstallScript MSI.
- Determine which Cloud HSM is storing the digital certificate: AWS Cloud HSM, Azure Key Vault, DigiCert KeyLocker, or a different Cloud HSM.
- Determine whether you can manually digitally sign an arbitrary file with signtool.exe, azuresigntool.exe, if you're using Azure Key Vault, or smctl.exe, if you're using DigiCert KeyLocker, outside of and without using InstallShield, just as a test.
- If step# 4 succeeds, the project type is Basic MSI, and the InstallShield Edition is Premier Edition, under the Releases > Release > Events, configure the following Windows Batch file for the Precompression Build Event to digitally sign the MSI:
In the Precompression Build Event field, specify the following:
C:\InstallShield 2022 Projects\BasicMSIDigitalSigningTest\signMSI.bat
In the signMSI.bat file, include the following:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\signtool.exe" sign /fd SHA256 /debug /f "C:\Users\Test\Desktop\MySelfSignedCertXYZ.pfx" /du https://www.revenera.com /t http://timestamp.digicert.com /p "<PFXPassword>" "C:\InstallShield 2022 Projects\BasicMSIDigitalSigningTest\Product Configuration 1\Release 1\DiskImages\DISK1\BasicMSIDigitalSigningTest.msi" - If the project type is Basic MSI and the InstallShield Edition is Premier Edition, under the Releases > Release > Events, configure the following Windows Batch file for the Postbuild Build Event to digitally sign the setup.exe:
In the Postbuild Build Event field, specify the following:
C:\InstallShield 2022 Projects\BasicMSIDigitalSigningTest\signSetupEXE.bat
In the signSetupEXE.bat file, include the following:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\signtool.exe" sign /fd SHA256 /debug /f "C:\Users\Test\Desktop\MySelfSignedCertXYZ.pfx" /du https://www.revenera.com /t http://timestamp.digicert.com /p "<PFXPassword>" "C:\InstallShield 2022 Projects\BasicMSIDigitalSigningTest\Product Configuration 1\Release 1\DiskImages\DISK1\setup.exe" - Build an uncompressed release.
Outcome
If this issue is resolved, the uncompressed .msi file should have a Digital Signatures Tab and list the digital certificate information indicating that the MSI is digitally signed and the uncompressed setup.exe should have a Digital Signatures Tab and list the digital certificate information indicating that the setup.exe is digitally signed.
More Information
To download the sample project used to test the troubleshooting steps in this article, see the BasicMSIDigitalSigningTest.zip file attached to this article. Note: In the Windows batch files included with the sample project, make sure to change <PFXPassword> to your PFX password for your digital certificate.
If this article did not resolve the digital signing issue(s), contact Support.
For more information about digital signing with Extended Validation (EV) digital certificates, specific to InstallShield 2023 R2, please review the documentation here.