khuntley asked a question.
What vendor is compatible with InstallShield that I can purchase a certificate and get the .pfx file that would slot into the build process.
Hi khuntley,
I'm assuming that you are talking about a code signing certificate for a desktop application. I'm sure most vendors can work, but I've used Sectigo with InstallShield. One thing I will mention is that the use of a PFX file seems to be a thing of the past for security reasons though maybe it is still possible with other vendors. The process has become a lot more complicated and I said that with the idea that I used to use a PFX file myself. It now involves having to have a USB plugged into the machine where InstallShield resides. If said machine is a VM, logging in with applications such as RDP (Windows Remote Desktop Connection) may not work as the certificate doesn't show up under that circumstance, at least not with the Sectigo vendor and again, maybe that isn't the case with other vendors. For example, with a VMWare VM and a Sectigo certificate, you have to login with things like vSphere in a browser for the certificate to be "seen" by InstallShield and this is a Windows thing, not an InstallShield thing. Again, just another security feature of sorts and my guess being that RDP is just too open to being used by "bad people". One of the more annoying things about the new way of doing things, i.e. not a PFX file, is that there is a "smart card" popup asking for the certificate password to be entered during a "manual" InstallShield build that doesn't seem to go away unless you remain logged into the machine. Now, can that be disabled or does it occur if your build process is in a pipeline type situation, I'm not sure, but in my current situation it's only a manual InstallShield build so far. With a pipeline I would hope that this popup would not show up and hence stop the process from continuing until some kind of manual intervention. So, for now, besides some so-called caveats, I can tell you that I've successfully used a Sectigo code signing certificate with InstallShield Premium 2025 R2. I hope this helps.
I work for a small firm and I'm the only person publishing software on a local machine. Is the 'USB Method' the same method mentioned that requires a 'Certificate Store' referenced in the Signing tab in the Builds/Setup.exe menu. I was looking at Sectigo and SSL(dot)com's OV Code Signing as options to purchase, the problem is that once I buy it I don't exactly know if that certificate is compatible with the way I'm building the software on InstallShield Premium.
Could you explain the exact process it takes to use the USB method? So you get the certification on a USB, open InstallShield, go to the Signing tab and then what. For me there's two options the '.pfx' method and the 'certificate store' method. Will the certification on the USB be recognized when I select it? I'm just trying to get a better understanding of what I'm actually doing before I spend the money on it.
In InstallShield, in the same section (Releases) where you would normally enter the path/filename of your PFX/CER file, you will indeed now choose the "Use a certificate store", you will then choose a Certificate Store Name of "Personal", Certificate Store Location of "User" and then under Certificate Subject you should be able to see the "company name" that you registered the OV code signing certificate under. Signature Digest should probably remain at the default of "Based on certificate hash". Of course, before you do anything in InstallShield, you'd have to follow Sectigo's instructions on how to install said certificate on your local machine, but that is probably an obvious point. For me, that was done by IT support so I can't tell you much about that part, but Sectigo provided plenty of documentation for that part of the process -- and that only has to be done once. I think the USB key must always be in the machine though as it's part of the security used now by certificate providers. I also think that the default password you are given with your USB must be changed -- or something to this effect and I know this because when we used the default it refused to work -- or something to that effect. Anyways, if you run into any problems at that level they like anyone has support to help you out. As a side note, I also use InstallShield Premium so I can assure you that this all works correctly -- or at least it did for us. :)
Are you sure you want to cancel the case creation?
Activity: Status change: 2 hours ago
Are you sure you want to close this case
| Products | Region | Phone Numbers |
|---|---|---|
| FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield |
North America * |
+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America) |
| Europe * |
+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe) |
|
| Japan * | +81 3-4540-5335 (select option 2) | |
| Australia * |
+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia) |
|
|
Usage Intelligence (formerly
Revulytics) Compliance Intelligence |
Please use the Case Portal to submit your support ticket or reach out to your Revenera contact. | |
Hi khuntley,
I'm assuming that you are talking about a code signing certificate for a desktop application. I'm sure most vendors can work, but I've used Sectigo with InstallShield. One thing I will mention is that the use of a PFX file seems to be a thing of the past for security reasons though maybe it is still possible with other vendors. The process has become a lot more complicated and I said that with the idea that I used to use a PFX file myself. It now involves having to have a USB plugged into the machine where InstallShield resides. If said machine is a VM, logging in with applications such as RDP (Windows Remote Desktop Connection) may not work as the certificate doesn't show up under that circumstance, at least not with the Sectigo vendor and again, maybe that isn't the case with other vendors. For example, with a VMWare VM and a Sectigo certificate, you have to login with things like vSphere in a browser for the certificate to be "seen" by InstallShield and this is a Windows thing, not an InstallShield thing. Again, just another security feature of sorts and my guess being that RDP is just too open to being used by "bad people". One of the more annoying things about the new way of doing things, i.e. not a PFX file, is that there is a "smart card" popup asking for the certificate password to be entered during a "manual" InstallShield build that doesn't seem to go away unless you remain logged into the machine. Now, can that be disabled or does it occur if your build process is in a pipeline type situation, I'm not sure, but in my current situation it's only a manual InstallShield build so far. With a pipeline I would hope that this popup would not show up and hence stop the process from continuing until some kind of manual intervention. So, for now, besides some so-called caveats, I can tell you that I've successfully used a Sectigo code signing certificate with InstallShield Premium 2025 R2. I hope this helps.