Tip: How to code sign a setup package
Code signing is important
it is important to
code sign a
setup package, especially if the setup will be distributed via
the Internet. The digital signature that is added to the setup
package assures that the setup program and the files to install
have not been tampered with, or infected by malware, since the
creation. A code signed setup package also generates fewer
warning messages, and those messages that are shown are not so
harsh. For more details, see
this information page.
Visual Installer can code sign a setup package automatically
In this step-by-step tip we will show how to
Visual Installer code sign an installation, after it has
packed the files and created a setup package. Visual Installer
can code sign an installation automatically, during the creation
process, so no manual work is needed.
Choose correct tip
The steps below will be different depending on if your digital
certificate was delivered on a USB token (USB stick) or on a
file (from the web). Choose correct tip below:
My digital certificate was delivered on a:
If your digital certificate was delivered on a USB token (USB
stick) you can follow the steps below:
How to create a code signed setup package:
1. Make sure that your USB token (USB stick) with the
digital certificate is plugged into the USB port and that the
necessary software is running.
2. Start Visual Installer and open an installation
Special - Setup options menu item:
Open the Code Signing tab in the Setup options
Select the Code sign self-extracting installation package
option in the dialog box. The other controls in the dialog
box will now be available:
If Visual Installer can find a proper code signing tool on your
hard disk, it will display the file path to the tool in Code
signer program text box automatically:
7. If the Code
signer program text box is empty, Visual Installer can not
find a tool automatically, but you can click on the Select
button to the right of the text box to choose a tool manually.
filename of the tool must be
signtool.exe. The older signcode.exe tool can not be
used with a USB token. If you have different versions of
signtool.exe on your hard disk, choose the newest version. On this page you can read how to find the newest
8. Now you need to select the My digital certificate
is located on a USB token option in the USB token sub
tab. This will tell Visual Installer that your digital
certificate is located on a USB token.
Visual Installer also need to know which hash algorithm to use. This is
the Options sub tab in the Code Signing tab. We recommend you
to select the Use SHA-1 and SHA-2 option.
You can read more about the two hash algorithms (SHA-1 and
Select a time stamp in the Time stamp combo box, for
example "Symantec / VeriSign".
Press OK to close the Setup options dialog box.
Now create a setup package by choosing the File - Create
setup package menu option in the editor. When the creation
process is finished, you will have a code signed setup package!
token driver software may ask for password (1 or 2
times) everytime you create the setup package. If you
want to get rid of this behaviour, you can change a setting in
your driver software, so it only asks for a password
once. Read more
settings that you specified above will be saved with the project
file, so the next time you open the same project you only need
to create the setup package. You don't need to follow all steps
above once again. You only need to follow the steps if you
create a completely new installation project.
If you want
to view the digital signature for your setup package closer you
can right-click on the setup file in Windows Explorer and choose
the Properties menu item. Thereafter you can open the
Digital Signatures tab in the dialog box. For more details,
read the What is
Code Signing article on our site.
< Tips Index Page