Digital Signatures

Today's users and organizations are becoming increasingly wary about installing software of uncertain provenience on their computers. By digitally signing your installers and products in Advanced Installer, you will increase your user's confidence in you and your company, giving them peace of mind about your software.

SHA-1 to SHA-2 transition

Microsoft has announced a mandatory update of the Digital Signature system from SHA-1 to SHA-2. Preparing your digital signatures and signing your installers according to this update is vitally important because starting with January 1st, 2017 Windows will no longer trust installers with a SHA-1 signature (file hash or timestamp).

Read more about how Advanced Installer can help you get through this transition in the SHA-2 Digital Signature Upgrade article.

Sign both your MSI and EXE installers

Digitally sign your installers in Advanced Installer using a SHA-2 certificate to ensure they pass the UAC and Windows SmartScreen check.

Windows SmartScreen stops a downloaded unsigned product from running
Windows SmartScreen check for a downloaded unsigned product or with unverified signature

Before: Unsigned Product
UAC elevation prompt for an unsigned product or with unverified signature

After: Signed Product
UAC elevation prompt for a product digitally signed with Advanced Installer

NoteThe above screenshots were taken using Advanced Installer's install package itself as an example. When you sign with your own digital signature, your own company and product will appear as the publisher instead of "Caphyon" and "Advanced Installer".

Sign files included in your installation

Advanced Installer allows you digitally sign any eligible file included in your installation in a single, simple, integrated build step. Furthermore, all executable files generated by Advanced Installer (Updater, AutoRun launcher, Java Native Launcher, etc.) are marked to be signed as soon as a digital signature is provided.

Sign patches and external cabinet files

By also signing patches you can enable least-privileged user account patching without UAC elevation prompts on Windows Vista and above.

TipSigning all install archives allows Windows Installer to verify their integrity and detect possible corruptions before installing.

Sign Visual Studio Extension, Add-In and AppX packages

Sign your VSIX, Add-In or AppX packages and give your customers peace of mind that your software is genuine.