Installshield digital signature

When trying to sign the package we couldn't use any of our certificates in the Personal Certificates folder. Only after exporting the certificate and importing back to the "Trusted Root Certification Authorities" folder, we could manage to sign the files inside the package. No matter what option is selected and which certificate is used, we get the same error: ISDEV : error Internal build error.

Make sure the digital signature information provided in the IDE is correct. The password is correct, the pfx file exists and it contains the private-key, and in case of a certificate from a store, we tried every available folder, and also tried the current user and the local computer certificates.

We also tried creating general-purpose self-signed certificates using OpenSSL, these didn't work either. I tested with signtool and all is well. I can also see that the files included in the installer are being signed. To include a screenshot in your post, kindly click on this link. We'll be waiting for your response. How satisfied are you with this reply? Thanks for your feedback, it helps us improve the site.

In reply to John Vil's post on February 23, We appreciate your response. This forum is mainly composed of IT Professionals that can cater the complexity of your concern. Thank you. InstallShield enables you to use digital certificates that use the SHA or SHA-1 hashing algorithm for signing your installations and files at build time.

SHA is favored over SHA-1, which is being deprecated because of the potential for security vulnerabilities. Microsoft announced that Windows will stop trusting items that were signed and timestamped with SHA-1 certificates after January 1, In addition, certification authorities—the organizations that issue certificates—are phasing out the creation of SHA-1 certificates.

For the latest information and more specific details, check with your certification authority. If your project is configured to sign with a SHA certificate, InstallShield uses a SHA hash in the signature of the files that it signs at build time.

Important: Any new signatures created or timestamped after Jan 1, must be SHAbased signatures. Any files signed with an SHA-1 certificate need to have a timestamp showing a date and time prior to Jan 1, in order to continue to be supported.

Those files will still be allowed through the 'Mark-of-the-web" system until Jan 14, , when all SHA-1 support will stop in all current versions of Windows. When you are specifying the digital signature information that you want to use for signing your files and installations, InstallShield lets you choose between the following options:.

You can use a personal information exchange file. You can view the digital signature details for InstallShield Software Corporation with the following steps:. As you can see in the screenshot above, Windows states that "This digital signature is OK".

This means that the file has been published by InstallShield Software Corporation and that the file has not been tampered with. If you click the View Certificate button shown in the screenshot above, you can see all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, etc.