How to Add a Digital Certificate to a SingleImage Install Shield Installation Program

I have an installation program created using the limited version of Install Shield within Visual Studio 2012.

I have a digital certificate that I want to add to the installation program.

I'd like to use the SingleImage feature of Install Shield to create and deliver a single installation file (e.g. setup.exe) to my customers. It seems, however, that I must attach the digital certificate to an msi file, which is embedded within setup.exe, by Install Shield.

I have found that placing the digital certificate on setup.exe results in telling the user that the publisher is unknown, when running the installation program. In other words, that does not properly deploy the digital certificate.

Can I get access to the msi file to add the digital certificate to it? If so, how?

I'm going to answer my own question. Since posting my question I found that the limited edition of Install Shield in Visual Studio 2012 can be set up to sign the installation program (if you have a proper digital certificate).

This is found under: Builds/Express/SingleImage. There is a tab named "Signing". Enter the path/filename for the Digital Certificate File, the Certificate Password, and specify which output files you want to sign. Install Shield then signs the installation program upon a build.

My apologies for asking this question too soon. I should have done more research first.

InstallShield versions prior to IS 2015 do not support SHA-256 certs. So, while Mike's answer is correct, it no longer does you any good without the new IS, because Microsoft requires SHA-256 as of January 1st, 2016.

But... IS let out a little secret a while back about this before they must have known what they were doing. See this thread on the IS forum.

In case they take that down, here's the important part:

"If you need this kind of signature immediately, you can either sign files yourself at a later point, or create a wrapper for signtool.exe that intercepts the command line arguments we pass to \\System\\signtool.exe and does something else instead."

So as Mike said, you can't simply sign the outer exe, but by replacing their signtool.exe you should be able to sign the inner msi as well.

I'm looking into implementing this workaround now. If anyone else tries this, let us know your results.
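
The wrapper idea quoted above, as an added example (not code from the original posts or from InstallShield): a Go program that can be built as a stand-in signtool.exe and rewrites a `sign` command line to request SHA-256 file and timestamp digests before calling the real signtool. The argument layout InstallShield passes is not given on this page, so the switches handled, the sample command lines and the environment variable names `REAL_SIGNTOOL` and `RFC3161_TSA_URL` are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// rewriteArgs returns the arguments for the real signtool, forcing SHA-256.
// tsa, if set, replaces the caller's timestamp URL (it may not speak RFC 3161).
func rewriteArgs(args []string, tsa string) []string {
	if len(args) == 0 || !strings.EqualFold(args[0], "sign") {
		return args // verify, timestamp, etc. pass through untouched
	}
	out := []string{"sign", "/fd", "sha256"}
	for i := 1; i < len(args); i++ {
		sw := strings.ToLower(strings.Replace(args[i], "-", "/", 1)) // -t and /t are equivalent
		switch sw {
		case "/f", "/p", "/d", "/du": // copy the switch and its value verbatim
			out = append(out, args[i])
			if i++; i < len(args) {
				out = append(out, args[i])
			}
		case "/fd", "/td": // drop the caller's digest choice and its value
			i++
		case "/t", "/tr": // legacy or RFC 3161 timestamp: always emit /tr with /td
			i++
			url := tsa
			if url == "" && i < len(args) {
				url = args[i]
			}
			out = append(out, "/tr", url, "/td", "sha256")
		default: // other switches and the files to sign
			out = append(out, args[i])
		}
	}
	return out
}

func main() {
	// REAL_SIGNTOOL and RFC3161_TSA_URL are hypothetical variable names.
	cmd := exec.Command(os.Getenv("REAL_SIGNTOOL"), rewriteArgs(os.Args[1:], os.Getenv("RFC3161_TSA_URL"))...)
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	if err := cmd.Run(); err != nil {
		fmt.Fprintln(os.Stderr, "signtool wrapper:", err)
		os.Exit(1) // any signing failure fails the build
	}
}
```

After a build, run `signtool verify /pa /v` against the output files to confirm the signatures validate.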
