Signing Tab for a Release

InstallShield 2015 » Releases View » Release

Project: The Signing tab is available in the following project types:

Advanced UI
Basic MSI
InstallScript
InstallScript MSI
InstallScript Object
Merge Module
Suite/Advanced UI

The Signing tab is where you specify the digital signature information—including the digital certificate files that a certification authority grated to you—that InstallShield should use to sign your files. It is also where you specify which files in your installation should be digitally signed at build time.

Settings on the Signing Tab

Setting

Project Type

Description

Sign Setup.exe File

Advanced UI, Suite/Advanced UI

Specify whether you want to sign the Advanced UI or Suite/Advanced UI installation.

Certificate URL

Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI

Type a fully qualified URL—for example, http://www.mydomain.com. This URL is used in your digital signature to link to a site that you would like end users to visit to learn more about your product, organization, or company.

Digital Certificate Information

Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI

To specify the digital certificate that you want to use to sign your release, click the ellipsis button (...) in this setting. The Certificate Selection dialog box opens, enabling you to specify either the location of the .pfx file or information about the certificate store that contains the certificate.

To learn more, see Certificate Selection Dialog Box.

Certificate Password

Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI

If the .pfx file that you are using has a password, enter it. InstallShield encrypts the password and stores it in your project file (.ism).

At build time, InstallShield uses the password to sign files with a .pfx file. If your certificate is protected by a password but you do not enter it in this setting, signing with a .pfx file fails.

Note that if you configure your project to use a certificate that was imported with password protection into a store, Windows prompts for the password at build time when InstallShield is attempting to sign your project’s files. The strong key protection that Windows uses does not permit InstallShield to provide the password to the cryptographic provider.

Sign Output Files

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify which files you want to be signed. Available options are:

Media Header—To sign only your media header file (Data1.hdr), select this option.

This option is available for InstallScript projects.

None—To avoid signing your installation, select this option.

This option is available for Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, and Merge Module projects.

Setup.exe—To sign your Setup.exe file, select this option.

This option is available for Basic MSI, InstallScript, and InstallScript MSI projects.

Setup.exe and Media Header—To sign your Setup.exe file and your media header file (Data1.hdr), select this option.

This option is available for InstallScript projects.

Setup.exe and Windows Installer Package—To sign your Setup.exe file and your Windows Installer package (.msi), select this option.

This option is available for Basic MSI and InstallScript MSI projects.

Windows Installer Package—To sign your Windows Installer package (.msi or .msm), select this option.

This option is available for Basic MSI, InstallScript MSI, and Merge Module projects.

Signature Description

Advanced UI, Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module, Suite/Advanced UI

Specify the signature description that you want to use for files that are specified in the Sign Output Files setting. The description that you specify is displayed on the User Account Control (UAC) box to the right of the “Program Name:” label. The UAC dialog box opens when an end user launches the signed file and elevated privileges are required.

If you leave this setting blank, InstallShield uses the name of the file without its extension as the description to the right of the “Program Name:” label on the UAC dialog box. Note that if you use the Sign Files in Package setting and its subsettings to sign the files in your package, InstallShield does not use this signature description for the UAC dialog box of the files in your package that are signed at build time.

Sign Files in Package

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify whether you want to sign any of the files in your release.

If you select Yes, use the Include Patterns and Files setting and the Exclude Patterns and Files setting to indicate which files should be signed.

Sign Files That Are Already Signed

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

If any of the files in your project are already digitally signed, determine whether you want InstallShield to replace those existing digital signatures with the digital signature that you specify on the Signing tab. Note that this affects only files that meet the requirements that are specified in the Include Patterns and Files setting and the Exclude Patterns and Files setting.

To use the digital signature information that you are providing on the Signing tab to sign a file instead of any existing digital signature information that is already included with the file, select Yes.
To leave the existing digital signature information intact for any files that are already signed, select No.

The default value is No.

Sign Files in Their Original Location

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Determine whether you want InstallShield to sign your original files or just the files that are built into the release:

If you want InstallShield to sign a temporary copy of each file and then use that signed temporary copy to build a release, select No. Note that if you select No, InstallShield will not modify or sign your original files.
If you want InstallShield to sign your original files, select Yes.

The default value is No.

Include Patterns and Files

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

To specify the files and file patterns that you want to be digitally signed at build time, do one of the following:

To select one or more file names or file patterns from a list of all of the static files that are currently in your project, as well as file patterns such as *.dll, click the ellipsis button (...) in this setting. The Browse for file dialog box opens, enabling you to select one or more patterns and files. When you are done selecting items, InstallShield adds one or more new Include settings under the Include Patterns and Files setting.
To type a file name or pattern manually, click the Add button in this setting. InstallShield adds a new Include setting under the Include Patterns and Files setting; use this new setting to specify the file name or pattern.

Include

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify the file or file pattern that you want to be digitally signed at build time. Note the following guidelines:

To indicate a wild-card character, use an asterisk (*).

For example, if you want to sign all .exe files, specify the following: *.exe

Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to sign all files that match a certain pattern.

Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in an Include setting and in an Exclude setting, InstallShield does not sign any .exe files.

To delete the file or file pattern, click the Delete button in this setting.

To add another file or file pattern, use the Include Patterns and Files setting.

Exclude Patterns and Files

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

To specify the files and file patterns that you do not want to be digitally signed at build time, do one of the following:

To select one or more file names or file patterns from a list of all of the static files that are currently in your project, as well as file patterns such as *.dll, click the ellipsis button (...) in this setting. The Browse for file dialog box opens, enabling you to select one or more patterns and files. When you are done selecting items, InstallShield adds one or more new Exclude settings under the Exclude Patterns and Files setting.
To type a file name or pattern manually, click the Add button in this setting. InstallShield adds a new Exclude setting under the Exclude Patterns and Files setting; use this new setting to specify the file name or pattern.

Exclude

Basic MSI, InstallScript, InstallScript MSI, InstallScript Object, Merge Module

Specify the file or file pattern that you do not want to be digitally signed at build time. Note the following guidelines:

To indicate a wild-card character, use an asterisk (*).

For example, if you do not want to sign any .drv files, specify the following: *.drv

Using wild-card characters is especially helpful if you include dynamically linked files in your project and you want to avoid signing all files that match a certain pattern.

Note that the files and file patterns that should not be signed override any files and file patterns that should be signed. For example, if you specify *.exe in an Include setting and in an Exclude setting, InstallShield does not sign any .exe files.

To delete the file or file pattern, click the Delete button in this setting.

To add another file or file pattern, use the Exclude Patterns and Files setting.

See Also