Digital Signatures and Certificates
Today's users and organizations are becoming increasingly wary about installing software of uncertain provenience on their computers. By digitally signing your installers and products in Advanced Installer, you will increase your user's confidence in you and your company, giving them peace of mind about your software.
SHA-1 to SHA-2 transition
Microsoft has announced a mandatory update of the Digital Signature system from SHA-1 to SHA-2. Preparing your digital signatures and signing your installers according to this update is vitally important because starting with January 1st, 2017 Windows will no longer trust installers with a SHA-1 signature (file hash or timestamp).
Read more about how Advanced Installer can help you get through this transition in the SHA-2 Digital Signature Upgrade article.
Sign both your MSI and EXE installers
Digitally sign your installers in Advanced Installer using a SHA-2 certificate to ensure they pass the UAC and Windows SmartScreen check.
Windows SmartScreen check for a downloaded unsigned product or with unverified signature
UAC elevation prompt for an unsigned product or with unverified signature
UAC elevation prompt for a product digitally signed with Advanced Installer
The above screenshots were taken using Advanced Installer's install package itself as an example. When you sign with your own digital signature, your own company and product will appear as the publisher instead of "Caphyon" and "Advanced Installer".
Device Guard Signing
Complement the traditional digital signing techniques with our native support for Device Guard Signing.
Use the Microsoft Device Guard Signing for all types of packages, be it EXE, MSI, or MSIX.
Azure Key Vault
Simplify your digital signing process by using our Azure Key Vault integration.
Use Azure Key Vault to safely store your code signing certificates in the cloud and access them to sign your installers.
Get the most out of digital signing support directly from Advanced Installer’s GUI.
Sign files included in your installation
Advanced Installer allows you digitally sign any eligible file included in your installation in a single, simple, integrated build step. Furthermore, all executable files generated by Advanced Installer (Updater, AutoRun launcher, Java Native Launcher, etc.) are marked to be signed as soon as a digital signature is provided.
Sign patches and external cabinet files
By also signing patches you can enable least-privileged user account patching without UAC elevation prompts on Windows Vista and above.
Signing all install archives allows Windows Installer to verify their integrity and detect possible corruptions before installing.