Ladine
Posts: 5
Joined: Thu Aug 24, 2017 11:10 am

Signing installer without pfx-file ?

Hello,

we used to sign the installer with a .pfx-file. Unfortunately we do not get a pfx file any longer, but a .cer and a .spr-file instead. The private key is at some remote location specified in the .spr-file (to my knowledge). We do not have a pvk-file.
We used to have an old .pfx-file which we used to sign the installer using Advanced Installer and then using command line instructions additionally.
But now the .pfx-file has expired and Advanced Installer will not build the Installer.
If we do not sign the Installer using Advanced Installer and only use the command line instructions, we get an error message that the archive is broken when we try to use the installer.
Is there any way to sign our installer (without breaking it) using the .spr and .cer files?

Thanks in advance
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: Signing installer without pfx-file ?

Hello,

To convert your certificate to a PFX file you can try to use the "Pvk2Pfx" tool.

Also, as another solution you can import the certificate under the "Personal" certificates store of your user account (the one under which the setup build is launched) and then use our "Use from the Personal certificate store" from "Digital Signatures" page.

Hope this helps.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
Ladine
Posts: 5
Joined: Thu Aug 24, 2017 11:10 am

Re: Signing installer without pfx-file ?

Thanks for your reply.

The pvk2pfx tool requires the pvk-file which we do not have unfortunately.

Can you please explain how to do that with Windows Server 2012 R2? Thanks

[quote="Daniel"]
...
Also, as another solution you can import the certificate under the "Personal" certificates store of your user account (the one under which the setup build is launched) and then use our "Use from the Personal certificate store" from "Digital Signatures" page.
...[/quote]
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: Signing installer without pfx-file ?

Hello,

You should right click on your certificate file (e.g. .cer file) and choose the "Install Certificate" context menu option. Then select "Current User" option and "Place all certificates in the following store -> Certificate Store -> Personal".

Also, to convert your cert files to PFX format you could try contacting your certificate vendor and ask for more details about how this can be accomplished.

Hope this helped.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Ladine
Posts: 5
Joined: Thu Aug 24, 2017 11:10 am

Re: Signing installer without pfx-file ?

I have added the personal certificate to the certificate store. I can see it in the personal folder in the certificate store, but Advanced Installer is not listing it in the drop down menu in "Use from the Personal certificate store". Using one of the listed certificates leads to an error 1001 when I try to install the software.
Daniel
Posts: 8238
Joined: Mon Apr 02, 2012 1:11 pm
Contact: Website

Re: Signing installer without pfx-file ?

This is really strange. Can you please check with your certificate vendor and make sure your certificate is of Microsoft Authenticode type? More exactly, that it can be used to sign MSI and CAB files.

Also, to test this you can build a small MSI file with Advanced Installer, and then by using Microsoft's SignTool.exe tool try to sign the above MSI package by using your certificate file, and see if this succeeds. If so, this means the certificate is of Authenticode type.

Otherwise you should make sure you acquire an Authenticode certificate type to be used for your setup files.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
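
The checks discussed in this thread, as an added PowerShell example that is not part of the original posts or Advanced Installer's own tooling: a .cer file carries only the public certificate, so the script reports for each certificate in the current user's Personal store whether Windows has a private key associated with it, whether its Enhanced Key Usage allows code signing, and whether it is within its validity period. The SignTool lines in the trailing comment use a placeholder thumbprint and a hypothetical file name `test.msi`.

```powershell
# Added example: inspect the current user's Personal store for certificates
# that are usable for Authenticode signing.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning (Code Signing EKU)
$now = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Locate the Enhanced Key Usage extension, if the certificate has one.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }

    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $codeSigning = $ekuOids -contains $codeSigningOid
    }
    else {
        # No EKU extension means the certificate is not restricted to specific usages.
        $codeSigning = $true
    }

    [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        HasPrivateKey  = $cert.HasPrivateKey   # False for a bare .cer import with no key on this machine
        CodeSigningEku = $codeSigning
        InValidity     = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
    }
} | Format-Table -AutoSize

# The SignTool test suggested above, selecting the certificate by thumbprint
# (replace <THUMBPRINT> with a value from the table; test.msi is a hypothetical file):
#   signtool sign /sha1 <THUMBPRINT> /fd SHA256 /v test.msi
#   signtool verify /pa /v test.msi
```

A row with `HasPrivateKey` set to `False` cannot sign anything from this machine, whatever its EKU says; the key then has to be made available through whatever mechanism the certificate vendor provides.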
