PDA

View Full Version : Dual Code Signatures



LanceRas
12-21-2015, 01:47 PM
January 1, 2016 is the Code Signing Armageddon.

As we still have to support Windows Vista and Server 2008, we need the ability to dual sign our installer and apps. Doing the apps is easy. Doing the Single file Setup EXE is fine. But I need to be able to dual sign the MSI before it is wrapped in the Setup.EXE.

Here is background on this from MS, who recommends dual signing and an article explaining as well.

http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx

http://zabkat.com/blog/code-signing-sha1-armageddon.htm

AaronM
01-14-2016, 10:54 AM
But I need to be able to dual sign the MSI before it is wrapped in the Setup.EXE.

Details in regard to why dual sign MSI is not supported was provided by Josh Stechnij (Software Engineer - Flexera Software: InstallShield Team) in another thread.
https://community.flexerasoftware.com/showthread.php?218163-Codesigning-using-SHA-2-SHA256&p=507778#post507778