Tip: How to code sign a setup package

 
Code signing is important
Today it is important to code sign a setup package, especially if the setup will be distributed via the Internet. The digital signature that is added to the setup package assures recipients that the setup program and the files to install have not been tampered with, or infected by malware, since the package was created. A code signed setup package also triggers fewer warning messages, and the messages that are shown are less severe. For more details, see this information page.
 
Visual Installer can code sign a setup package automatically
In this step-by-step tip we will show how to make Visual Installer code sign an installation, after it has packed the files and created a setup package. Visual Installer can code sign an installation automatically, during the creation process, so no manual work is needed.

Choose the correct tip
The steps below differ depending on whether your digital certificate was delivered on a USB token (USB stick) or as a file (from the web). Choose the correct tip below:
 
My digital certificate was delivered on a: USB token / File (from the web)
  

If your digital certificate was delivered on a USB token (USB stick) you can follow the steps below:
 
   
How to create a code signed setup package:

1. Make sure that your USB token (USB stick) with the digital certificate is plugged into the USB port and that the necessary software is running.
 
2. Start Visual Installer and open an installation project.
 
3. Select the Special - Setup options menu item:
 
Special - Setup options
 
4. Open the Code Signing tab in the Setup options dialog box:
 
Setup options - Code Signing
 
5. Select the Code sign self-extracting installation package option in the dialog box. The other controls in the dialog box will now be available:
 
Setup options - Code Signing - Controls now available
 
6. If Visual Installer can find a suitable code signing tool on your hard disk, it will automatically display the file path to the tool in the Code signer program text box:
 
Setup options - Code Signing - Code signer tool
 
7. If the Code signer program text box is empty, Visual Installer could not find a tool automatically. In that case, click the Select button to the right of the text box to choose a tool manually.
 
The filename of the tool must be signtool.exe. The older signcode.exe tool cannot be used with a USB token. If you have different versions of signtool.exe on your hard disk, choose the newest version. On this page you can read how to find the newest version of signtool.exe.
 
8. Now you need to select the My digital certificate is located on a USB token option in the USB token sub tab. This will tell Visual Installer that your digital certificate is located on a USB token.
 
Setup options - Code Signing - USB token
 
9. Visual Installer also needs to know which hash algorithm to use. This is set on the Options sub tab in the Code Signing tab. We recommend that you select the Use SHA-1 and SHA-2 option. You can read more about the two hash algorithms (SHA-1 and SHA-2) on this page.
 
Setup options - Code Signing - SHA1 / SHA2
 
10. Select a time stamp in the Time stamp combo box, for example "Symantec / VeriSign".
 
Setup options - Code Signing - Time stamp
 
11. Press OK to close the Setup options dialog box.
 
12. Now create a setup package by choosing the File - Create setup package menu option in the editor. When the creation process is finished, you will have a code signed setup package!
 
The USB token driver software may ask for a password (1 or 2 times) every time you create the setup package. If you want to get rid of this behaviour, you can change a setting in your driver software so that it only asks for a password once. Read more on this page.
 
The settings that you specified above will be saved with the project file, so the next time you open the same project you only need to create the setup package. You don't need to follow all steps above once again. You only need to follow the steps if you create a completely new installation project.
 
To inspect the digital signature of your setup package more closely, right-click the setup file in Windows Explorer and choose the Properties menu item, then open the Digital Signatures tab in the dialog box. For more details, read the What is Code Signing article on our site.
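The same check can be scripted so that it runs after every build. The PowerShell below is an added example, not part of Visual Installer or SamLogic's own material; the path C:\Build\setup.exe and the function name Test-SetupSignature are placeholders. It assumes signtool.exe is on the PATH for the second check, which covers both signatures of a package signed with the Use SHA-1 and SHA-2 option.

```powershell
# Added example: check a setup package after Visual Installer has signed it.
param([string]$SetupPath = 'C:\Build\setup.exe')   # placeholder path (assumption)

function Test-SetupSignature {                      # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { throw "Setup package not found: $Path" }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $problems = @()

    if (-not $sig.SignerCertificate) {
        $problems += 'No signer certificate: the file is not signed.'
    } elseif ($sig.Status -ne 'Valid') {
        # HashMismatch means the file changed after signing; NotTrusted means
        # the certificate is not trusted on this system.
        $problems += "Status '$($sig.Status)': $($sig.StatusMessage)"
    }
    if ($sig.SignerCertificate -and -not $sig.TimeStamperCertificate) {
        $problems += 'No time stamp: the signature stops validating once the certificate expires.'
    }

    # Get-AuthenticodeSignature reads the primary signature only. signtool
    # verify /all checks every signature (SHA-1 and SHA-2 on a dual-signed file),
    # /pa uses the default Authenticode policy, /tw warns when a time stamp is missing.
    if (Get-Command signtool.exe -ErrorAction SilentlyContinue) {
        & signtool.exe verify /pa /all /tw $Path | Out-Null
        if ($LASTEXITCODE -ne 0) {
            $problems += "signtool verify returned exit code $LASTEXITCODE"
        }
    }

    [pscustomobject]@{
        Path          = $Path
        Status        = $sig.Status
        Signer        = $sig.SignerCertificate.Subject
        Thumbprint    = $sig.SignerCertificate.Thumbprint
        SignerExpires = $sig.SignerCertificate.NotAfter
        TimeStampedBy = $sig.TimeStamperCertificate.Subject
        Problems      = $problems
    }
}

$result = Test-SetupSignature -Path $SetupPath
$result | Format-List
if ($result.Problems.Count -gt 0) { exit 1 }   # non-zero exit fails a build step
```

Compare the Signer and Thumbprint values with the certificate on your USB token before you publish the setup package.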
 

SamLogic