I have been asked to check out how to digitally sign the msi files. We use InstallShield 2012 Spring for created .msi packages and the Release has been configured to create external Data cabs.

Can any one let me know what steps need to be followed for digital signing a msi in Installshield. I have checked the "Signing" tab in Release however it requires digital certificate file (.spc or .pfx), however i am not sure how these files are to be created/obtained.

Hence would like to have some guidance on best practices for digital signing.

thanks in advance
Sujit J

0 Comments   [ + ] Show Comments


Please log in to comment





You have to obtain a certificate from a certificate authority, and they will provide you with the .spc/.pfx files for use here.

Answered 02/25/2014 by: dunnpy
Red Belt

  • Thanks for the above answer.

    However i have seen our company has created code signing certificates, hence i dont think they would allow us to get a certificaite from CA.
    So can you please guide my how i can use the code signing certificate for signing msi.

    I have tried using signtool.exe and ran the wizard mode passing the code sign certificate (as a .cer file), however it asks for a .pvk file. Im stuck at this point.

    Thanks in advance
    Sujit J
Please log in to comment
This content is currently hidden from public view.
Reason: Removed by member request
For more information, visit our FAQ's.


The help link posted above doesn't mention that you can use a .cer file - so you'll need to go back to whoever provided the .cer file and explain your requirements to meet their requirements of the requirements.

Answered 02/26/2014 by: dunnpy
Red Belt

Please log in to comment

Go Google!


You will need to use the certificate manager snap in to produce the .pfx.
Dont forget to import first so you can work with it.

Requires some knowldge of certs, mmc, windows management of certs. 

Answered 02/26/2014 by: rileyz
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity