View Full Version : How to deploy Digital Certificate

09-18-2007, 11:46 AM
I'm playing with this new version of 2008 Express (up from version 12 Express) because of the the Vista issue. We need to (like everyone else) sign our executables so that we have full trust (on at least one). I set the signing tab to our .pfx certificate for the install. When I run the installation under the standard user account, it prompts (as expected) for the administrator's password. When I run the application, it aways prompts for the admin password when the specific exe runs that requires admin rights. I thought it would only prompt once and then remember because of the digital certificate. That brings me to my real question...how do I deploy the digital certificate I have through a CD install? I never see the certificate listed under the certificate snap-in from mmc. (If we create a published install for a test app from within VS2005, we do see the certificate listed.) Everything I find talks about deploying a digital certificate for a web install (published install), but not for a CD install. I cannot find anything in Installshield 2008 Express for deploying a certificate, only signing the executables and install files. BTW, all our executables are set to Full Trust in VS2005 and are signed at compile time in VS2005 with the same certificate that we are using for the install signing process.
How do I put the certificate on the target system so that our app runs properly?

09-24-2007, 08:20 AM
InstallShield Express is primarily designed to sign your installation files for you (including setup.exe). I believe digital certificate deployment is something that's somewhat dependent on the type of digital certificate you're using. You might want to get in touch with whomever originally gave you the certificate as they may be able to give you some steps on how to do that.

Otherwise, the certificate will not bypass the admin prompts. Those prompts will just be more friendly and will provide your company name and certificate information. Until the product is installed on the machine, your certificate provides no benefits as far as avoidance of UAC prompts is concerned. It just makes them appear more friendly to the users and helps out with post-installation functionality.