Integrate InstallShield for custom signing
InstallShield is a leading solution for developers to create reliable and modern installation packages for Windows, including MSI and MSIX formats. It simplifies the software installation process with a user-friendly interface, seamless integration into development environments like Visual Studio, and capabilities for cloud-based and multi-platform deployments.
Follow these instructions to integrate InstallShield with Software Trust Manager or KeyLocker.
Prerequisites
InstallShield 2023 R2 or later (from Revenera)
SMCTL
Client authentication certificate
Code signing certificate file (public key only)
API key ( KeyLocker)
Client certificate password ( KeyLocker)
Keypair name (for KeyLocker)
Step 1: Create and save the PowerShell script
Review the following script that configures the session environment variables for KeyLocker and invokes signtool.exesigntool.exe
to sign the file passed from InstallShield.
Based on the following script, you can save the PowerShell script as powersign.ps1
.
# PowerShell script to sign files using signtool with STM/KeyLocker integration. param( [string]$name # Receives the filename to be signed ) # Set session environment variables for DigiCert STM/KeyLocker SaaS service: $env:SM_API_KEY="your_api_key_here" $env:SM_CLIENT_CERT_FILE="path_to_your_ClientAuthCertificate.p12" $env:SM_CLIENT_CERT_PASSWORD="your_certificate_password_here" $env:SM_HOST="https://clientauth.one.digicert.com" # Call signtool with necessary parameters: signtool.exe sign /csp "DigiCert Signing Manager KSP" /kc "Your_KeyPair_Name" /f "Path_to_Your_CodeSigning_Certificate_File" /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $name
Step 2: Configure InstallShield for custom signing
Open InstallShield, and then load your project.
Navigate to the Release Configuration section, and then in the project tree, select Release.
Under the selected release, select the Signing tab.
Set the Signing Type to Custom.
Specify the full path (folder and filename) to the script created in Step 1, such as
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
.Enter the following argument to specify the full path (folder and filename) to the PowerShell script and the signing file. Specifically, replace
path_to_the_powershell_script.ps1
with the path topowersign.ps1
.-f "path_to_the_powershell_script.ps1" -name [filename]
Step 3: Validate the configuration
Run the InstallShield build process to build a project.
Locate the output file.
Select Properties > Digital Signatures to ensure the digital signature displays correctly.