How can i sign my installer and exe files with signtool.exe ?

[Mel]

I cant sign my installer.exe and a few other .exe files with advanced installer . I am using a certificate from Digicert, it is an extension of .p12

I have under "files configured for signing " a few .exe files that are files from project.

How can i sign , because if i use "file from disk" and select the .p12 file it gives an error :


The digital signing of the APPDIR\<myfile>.exe file failed. Error message: 'SignTool Error: No certificates were found that met all the given criteria.

Why this error and is there a way i can sign these ?

[NovaES]

Hello, if you purchased the certificate after June, you must meet some requirements by signing it from an HSM (SafeNet Key or YubiKey) that complies with directive 140-2. If not, you will not be able to sign, since you need a private key. If you have purchased the signature from the platform, you must contact DigiCert and installer support to see how to sign with the token from the DigiCert cloud.

[Mel]

I have signed the .exe files but when it tries to sign the msi, cab and exe file it gives and error:

Signing the file failed with error: <all weird characters here>

[Catalin]

Hello Mel,

For signing purposes, Advanced Installer uses the well known signtool.exe tool.

This tool comes delivered with many Windows SDKS and even with other tools such as Visual Studio.

Screenshot_52.png (32.78 KiB) Viewed 6267 times

Using this tool, are you able to sign files outside of Advanced Installer using your certificate?

If not, perhaps you'd want to contact DigiCert support, as mentioned by @NovaES and they can assist you in manually signing the files.

Once that's one, you can use the "Custom" option and sign the files using the command line suggested by the DigiCert support:

Screenshot_53.png (8.23 KiB) Viewed 6267 times

Hope this helps!

Best regards,
Catalin