WiseScript Package Editor Reference
30
Creating WiseScript Installations
signtool.exe tool. For details, search for “Signtool” in the MSDN Library
(
msdn.microsoft.com/library/
).
Requirements
z
You must have a valid code signing certificate, which you can obtain from a
commercial certificate authority such as Verisign. For a list of certificate authorities,
search for “Microsoft Root Certificate Program Members” in the MSDN Library
(
msdn.microsoft.com/library/
).
z
You must have the signtool.exe or signcode.exe tool on your computer.
z
Signtool.exe requires the CAPICOM 2.0 redistributable to be installed and registered
on your computer. CAPICOM provides services for digitally signing applications, and
is available from the Microsoft Web site.
z
The location of signtool.exe or signcode.exe must be added to your Path
environment variable.
To add a digital signature
(WiseScript Package Editor) Select Installation Expert > Digital Signature page and
complete the page.
(WiseScript Editor) Select Project Settings > Digital Signature and complete the page.
z
Add a digital signature externally
Mark this to leave space in the installation for a digital signature without actually
adding it to the installation. This is useful if the installation must be digitally signed
under a higher security environment by a different individual. Extra space is
reserved to allow for the digital signature information. If an installation does not
have extra space (approximately 5 K), and a digital signature is added, errors occur
when CRC checks are performed because of the resulting size increase. This option
eliminates those errors.
z
Add a digital signature
Mark this to add a digital signature to the installation and to enable the following
fields:
Web URL
Enter your company’s Web site address.
Descriptive Name
Enter the name of your application. This name is embedded in your
Authenticode certificate to let end users verify the name of the application they
are installing.
TimeStamp URL
Specify the URL you use for your timestamping service. Timestamping lets end
users distinguish between a certificate that has expired but was valid when it
was used to sign the installation, and a certificate that was used to sign an
installation while it was expired. The timestamping service must be available on
your computer to build the installation but does not need to be available to the
end user running the installation.
z
Certificate options
Signtool.exe with Personal Information Exchange file
Mark this to use signtool.exe and then specify the Personal Information
Exchange file (.PFX) to use.