[MSI] Digital signatureΒΆ

Digitally sign the MSI package to protect resources from tampering. It is highly recommended to digitally sign the package before publishing it on the web and distributing outside of your organization.

Important

Precondition: Open an MSI package in MSI Editor (see Open MSI/MST).

  1. Go to the Package Designer > Digital signature tab.

    msi-editor-signature

  2. Tick the Enable package signing option, specify the Certificate, its Password, and the Time stamping server. Enter a Description of signed product that will be displayed to the end user in the User Account Control (UAC) window.

    Note

    The use of time stamping allows signatures to be verifiable even after the certificates used for signature have expired.

    msi-editor-signature-enabled

  3. To sign the MSI package including the external CAB (if exists), select MENU > Save and sign.

    msi-editor-signature-save-and-sign

Warning

Ensure that the certificate, used for signing, is trusted on that system. If you are using the self signed certificate, install it manually to the Trusted People or Trusted Publishers local machine certificate store. By adding a certificate to local machine certificate stores, you affect the certificate trust of all users on the computer. It is recommended that you remove those certificates when they are no longer necessary to prevent them from being used to compromise system trust.




Note

PACE Suite covers the whole range of application packaging tasks - learn more.

Try PACE Suite for free - 21 days no obligations unlimited trial with all functions unlocked.