The fifth article in our step-by-step series for the MSI Builder is all about digital signatures.
Signing
Certificate
You will need a digital certificate installed on your computer. SAPIEN’s MSI Builder will only use trusted certificates installed on your machine. Rather than typing the name yourself, we highly recommend using the browse button to the right of the Certificate field to select a suitable certificate.
Timestamp URL
If you are not sure what signing, time stamps, and certificates are about, here are some links to previous blog posts on this subject:
- Everything you wanted to know about Code Signing but were afraid to ask
- Why do I need a time stamp when signing a script?
- Script security features add to PrimalScript
Files configured for signing
Select all the files you want to be signed during the build process. Your MSI file that the MSI Builder will create is always at the top of this list—make sure it is checked if you want to sign your installer.
If you use macros like [ProductVersion] in your MSI name, you will need to re-check that file each time a value changes, as the output name is updated.
Please also consider that if you re-distribute third-party files, they may already be signed. The MSI builder will sign whichever file you tell it to sign, thus potentially overwriting an existing signature from another vendor.
Related
- MSI Builder Step-by-Step: Product Details
- MSI Builder Step-by-Step: Files and Folders
- MSI Builder Step-by-Step: User Interface
- MSI Builder Step-by-Step: PowerShell Modules
- MSI Builder Step-by-Step: Shortcuts
- MSI Builder Step-by-Step: Custom Actions
- MSI Builder Step-by-Step: Services
Feedback
If you have any questions or concerns, please comment below or post in our Support Forums.