Run InnoSetup with Digital Signature

I have signtool.exe installed on my desktop pc. I now need to configure the InnoSetup script to incorporate a digital signature during the generation of the installation package executable. The following links were used as resources when configuring the InnoSetup program:

Signup.exe seems to use a digital certificate that ends in .pfx. This turns out to be the microsoft version of the .p12 certificate file. These files are identical, so I made a copy of my file and renamed it with a .pfx extension.

I then went through the following steps to configure InnoSetup to run with a digital signature:

  1. Started InnoIDE
  2. Opened my saved project
  3. Selected Tools > Configure Sign Tools
  4. Select Code Signing on LHS Panel, and then Select Add button – Figure 1

    Figure 1 – Configure Sign Tools Dialog

  5. Add Dialog, enter Command Name(Standard) and associated Command(“F:\Program Files\Microsoft SDKs\Windows\v6.1\Bin\signtool.exe” $p) – Figure 2
    Figure 2 - Add Dialog

    Figure 2 – Add Dialog

  6. In the InnoSetup Scriptfor my project, Add/Append SignTool variable to the [Setup] section as defined in step below
  7. SignTool=Standard sign /f “J:\CertLocation\GlobalSign_cert.pfx” /p passwordXXXXXX /d $qNIM Installer$q $f
  8. Select Compile button to recompile the script and run the packaging process

Breakdown of step 7:
Standard is replaced by “F:\Program Files\Microsoft SDKs\Windows\v6.1\Bin\signtool.exe” $p

SignTool.exe options
/f SignCertFile option is the location of the certification file

/p Password option is the certificates password

/d Desc specifies a description of the signed content

InnoSetup Constants
$q is an Inno Setup constant representing a quote

$f is a constant containing the name and path of the setup EXE created by Inno Setup

$p (for parameters)

After completing this process of packaging my windows desktop app into a digitally signed installation file, my Chrome Browser malicious download message and the Windows Security Warning installation messages all disappeared

Advertisements

2 Responses to Run InnoSetup with Digital Signature

  1. […] Run InnoSetup using a Digital Signature Share this:ShareLinkedInFacebookLike this:LikeBe the first to like this post. […]

  2. […] Post navigation « Previous Post Next Post » […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: