MSI Factory 2.3

Code Signing


Tip: See the Code Signing Defaults section of the build preferences (Edit > Preferences, Build) to configure default values when creating new projects.

Code sign setups

If checked, the setup will be code signed during the build process using the settings below. If you are building a bootstrapper, the bootstrap executable will also be signed with these settings. See Authenticode Code Signing for more information.

Settings

SignTool location:

The full path and filename of the code signing tool SignTool.exe on your system. You can click the Browse button to select the file. This tool cannot be distributed, but is available in the \Windows Kits\XX\bin\x86 folder of the Windows Software Development Kit (SDK). For more information, see MSDN: SignTool (Windows), Windows Software Development Kit (SDK) for Windows 8.1, Windows Software Development Kit (SDK) for Windows 10.

Tip: If you're using a different code signing tool that contains different options, or you require further control, you may leave the settings fields blank (except for the tool), and instead specify the options in the Additional arguments field. If "SignTool.exe" is detected as the tool, MSI Factory will automatically pass the "sign" command. If you're not using SignTool and require a different command, add it as the first value in the Additional arguments field.

Show signing window

If you use a certificate on a hardware token, and do not see the prompt for the PIN/password during the build process, then you may need to select this checkbox. A typical error message when you need this option is this:

Error information: "Error: SignerSign() failed." (-2147023673/0x800704c7)

SHA-256 timestamp URL:

The URL of a SHA-256 timestamp server such as: http://timestamp.comodoca.com/?td=sha256. Refer to your certificate provider's documentation for the server URL to use.

If this value is provided, /fd 256 /tr <timestamp_url> /td sha256 will be added to the signing command.

Use certificate stored in a *.pfx file

Select this option if your certificate is stored in a "Personal Information Exchange" file (*.PFX, *.P12).

SHA-256 certificate:

The full path and filename of the SHA-256 certificate to use when signing the patch file. This file must be a "Personal Information Exchange" file (*.PFX, *.P12). You can click the Browse button to select the file.

If the SHA-256 certificate is provided, /f <certificate_path> /fd sha256 will be added to the signing command.

Certificate password:

The password to use for opening your SHA-256 certificate file (*.PFX, *.P12) if it's password protected. You can leave this value blank if your certificate is not password protected.

If this value is provided, /p <password_value> will be added to the signing command.

Use certificate in personal store

Select this option if your certificate can be accessed via the Certificate Manager in Windows.


Subject Name:

This field allows you to enter the name shown in "Issued To" (partial strings are also allowed, if they are unique) to identify the certificate to be used during the code signing process.

If this value is provided, /n <subject_name> will be added to the signing command.

Thumbprint:

This field allows you to enter the SHA1 hash of the signing certificate. This may be used if you have more than one certificate with the same subject name.

If this value is provided, /sha1 <hash> will be added to the signing command.

Other arguments:

This field allows you to enter any additional options you would like to pass to the code signing tool beyond TrueUpdate's automatic parameters. If you leave any of the fields blank (except for tool location), you can manually pass their values using this field. The values entered here are added to the beginning of the parameter list. When "SignTool.exe" is the chosen tool, MSI Factory automatically passes the "sign" command as the first argument.

Description:

The description of the signed content.

If this value is provided, /d <description_value> will be added.

Description URL:

A URL that provides further information about the signed content.

If this value is provided, /du <description_url> will be added.
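Example (added here, not part of MSI Factory or its documentation): a PowerShell check you can run after a build to confirm that the setup was signed with the certificate entered in the Thumbprint field and that the timestamp was applied. The function name, file path and thumbprint are placeholders chosen for this example.

```powershell
# Added example: post-build check of a signed setup. The function name, paths
# and thumbprint are placeholders (assumptions), not values from MSI Factory.
function Test-SetupSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,               # built setup or bootstrapper
        [Parameter(Mandatory)] [string] $ExpectedThumbprint, # same value as the Thumbprint field
        [string] $SignTool                                   # optional: full path to SignTool.exe
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $problems = @()

    # Status is 'Valid' only if the file hash matches and the chain is trusted.
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }

    # Confirm the build used the intended certificate, not another one
    # with the same subject name.
    $expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
    if (-not $sig.SignerCertificate) {
        $problems += 'No signer certificate found (file is unsigned).'
    } elseif ($sig.SignerCertificate.Thumbprint -ne $expected) {
        $problems += "Signed with $($sig.SignerCertificate.Thumbprint), expected $expected."
    }

    # Without a timestamp the signature stops validating when the certificate expires.
    if (-not $sig.TimeStamperCertificate) {
        $problems += 'No timestamp found (timestamp URL missing or unreachable at build time).'
    }

    # Optional second check with SignTool, using the default Authenticode policy.
    if ($SignTool) {
        & $SignTool verify /pa /v $Path | Out-Null
        if ($LASTEXITCODE -ne 0) { $problems += "SignTool verify exited with $LASTEXITCODE." }
    }

    [pscustomobject]@{
        Path     = $Path
        Passed   = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Usage (constructed values):
# Test-SetupSignature -Path '.\Setup.exe' -ExpectedThumbprint '<thumbprint>'
```

If you are building a bootstrapper, run the check against the bootstrap executable as well, since it is signed with the same settings.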

