Signing Tab for a Release

InstallShield 2014 » Releases View » Release

Project: The Signing tab is available in the following project types:

Advanced UI
Basic MSI
InstallScript
InstallScript MSI
InstallScript Object
Merge Module
Suite/Advanced UI

The Signing tab is where you specify the digital signature information—including the digital signature files granted to you by a certification authority—that InstallShield should use to sign your files. It is also where you specify which files in your installation should be digitally signed at build time.

Settings on the Signing Tab

Setting

Project Type

Description

Sign Setup.exe File

Advanced UI, Suite/Advanced UI

Specify whether you want to sign the Advanced UI or Suite/Advanced UI installation.

Certificate URL

Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI

Type a fully qualified URL—for example, http://www.mydomain.com. This URL is used in your digital certificate to link to a location you would like end users to visit in order to learn more about your product, organization, or company.

Digital Certificate File

Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI

Specify the location of your digital certificate file (.spc or .pfx) provided by a certification authority. You can type the path to the file or use the Browse button to navigate to the file location.

If you specify an .spc file, you must also specify a .pvk file.

Private Key File

Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI

If you are using an .spc file, you must also specify the location of your private key file (.pvk) provided by a certification authority. You can type the path to the file or use the Browse button to navigate to the file location.

Certificate Password

Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI

If you would like to pass the password for the .pvk file or the .pfx file to ISCmdBld.exe to digitally sign your application while building the release from the command line, type the password in this box. InstallShield encrypts this password and stores it in your project file (.ism).

If you do not specify a password in this box but you are digitally signing the release while building it from the command line, you will need to manually enter the password when you are prompted each time that you build the release from the command line.

Sign Output Files

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify which files you want to be signed. Available options are:

Media Header—To sign only your media header file (Data1.hdr), select this option.

This option is available for InstallScript projects.

None—To avoid signing your installation, select this option.

This option is available for Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, and Merge Module projects.

Setup.exe—To sign your Setup.exe file, select this option.

This option is available for Basic MSI, InstallScript, and InstallScript MSI projects.

Setup.exe and Media Header—To sign your Setup.exe file and your media header file (Data1.hdr), select this option.

This option is available for InstallScript projects.

Setup.exe and Windows Installer Package—To sign your Setup.exe file and your Windows Installer package (.msi), select this option.

This option is available for Basic MSI and InstallScript MSI projects.

Windows Installer Package—To sign your Windows Installer package (.msi or .msm), select this option.

This option is available for Basic MSI, InstallScript MSI, and Merge Module projects.

Project: InstallShield does not support using .pfx files to sign media header files (.hdr files), which are used for the One-Click Install type of installation for InstallScript projects. For this type of installation, consider one of the following alternatives:

Use .spc and .pvk files instead of a .pfx file for your digital signature.
Build a compressed installation, which would enable you to sign with a .pfx file.

Sign Files in Package

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify whether you want to sign any of the files in your release.

If you select Yes, use the Include Patterns and Files setting and the Exclude Patterns and Files setting to indicate which files should be signed.

Sign Files That Are Already Signed

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

If any of the files in your project are already digitally signed, determine whether you want InstallShield to replace those existing digital signatures with the digital signature that you specify on the Signing tab. Note that this affects only files that meet the requirements that are specified in the Include Patterns and Files setting and the Exclude Patterns and Files setting.

To use the digital signature information that you are providing on the Signing tab to sign a file instead of any existing digital signature information that is already included with the file, select Yes.
To leave the existing digital signature information intact for any files that are already signed, select No.

The default value is No.

Sign Files in Their Original Location

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Determine whether you want InstallShield to sign your original files or just the files that are built into the release:

If you want InstallShield to sign a temporary copy of each file and then use that signed temporary copy to build a release, select No. Note that if you select No, InstallShield will not modify or sign your original files.
If you want InstallShield to sign your original files, select Yes.

The default value is No.

Include Patterns and Files

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

To specify the files and file patterns that you want to be digitally signed at build time, do one of the following:

To select one or more file names or file patterns from a list of all of the static files that are currently in your project, as well as file patterns such as *.dll, click the ellipsis button (...) in this setting. The Browse for file dialog box opens, enabling you to select one or more patterns and files. When you are done selecting items, InstallShield adds one or more new Include settings under the Include Patterns and Files setting.
To type a file name or pattern manually, click the Add button in this setting. InstallShield adds a new Include setting under the Include Patterns and Files setting; use this new setting to specify the file name or pattern.

Include

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify the file or file pattern that you want to be digitally signed at build time. Note the following guidelines:

To indicate a wild-card character, use an asterisk (*).

For example, if you want to sign all .exe files, specify the following: *.exe

Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to sign all files that match a certain pattern.

Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in an Include setting and in an Exclude setting, InstallShield does not sign any .exe files.

To delete the file or file pattern, click the Delete button in this setting.

To add another file or file pattern, use the Include Patterns and Files setting.

Exclude Patterns and Files

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

To specify the files and file patterns that you do not want to be digitally signed at build time, do one of the following:

To select one or more file names or file patterns from a list of all of the static files that are currently in your project, as well as file patterns such as *.dll, click the ellipsis button (...) in this setting. The Browse for file dialog box opens, enabling you to select one or more patterns and files. When you are done selecting items, InstallShield adds one or more new Exclude settings under the Exclude Patterns and Files setting.
To type a file name or pattern manually, click the Add button in this setting. InstallShield adds a new Exclude setting under the Exclude Patterns and Files setting; use this new setting to specify the file name or pattern.

Exclude

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify the file or file pattern that you do not want to be digitally signed at build time. Note the following guidelines:

To indicate a wild-card character, use an asterisk (*).

For example, if you do not want to sign any .drv files, specify the following: *.drv

Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to avoid signing all files that match a certain pattern.

Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in an Include setting and in an Exclude setting, InstallShield does not sign any .exe files.

To delete the file or file pattern, click the Delete button in this setting.

To add another file or file pattern, use the Exclude Patterns and Files setting.

See Also