Digitally Signing a Release and Its Files at Build Time

InstallShield lets you configure digital signing settings for a release. At build time, InstallShield uses the settings that you have configured to sign your installation package, your Setup.exe file, and any other files in your release that meet the criteria that you have defined.

In the View List under Media, click Releases.

In the Releases explorer, click the release that you want to sign.

Click the Signing tab.

Configure the following settings as appropriate:

Certificate URL

Digital Certificate File

Private Key File—Note that if you specify a .pfx file, you do not also need to specify a .pvk file.

Certificate Password

In the Sign Output Files setting, specify which files (Setup.exe, the .msi package, both of those files, or neither of those files) you want to be signed.

In the Sign Files in Package setting, specify whether you want to sign additional files in your installation.

If you select Yes, use the other settings under the Sign Files in Package setting to indicate which files and file patterns should be signed and which should not be signed.

Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in an Include setting and in an Exclude setting, InstallShield does not sign any .exe files.

For detailed information about any of the settings on the Signing tab, see Signing Tab for a Release.

At build time, InstallShield signs the files as specified on the Signing tab. If the release is for an installation that includes merge modules, note that the files are signed before the merge module is merged.