InstallAware

I'm using InstallAware X10. I recently renewed a code signing certificate and InstallAware reports a failure trying to sign the installer.

I can successfully use signtool.exe to manually sign executable files - so the certificate is good. I use the command:

signtool sign /f "filename.pfx" /p %pwd% /t http://timestamp.comodoca.com/authenticode file_to_sign.exe

I've tried the Installaware test program for signing a file with various urls (including the one above) and:
http://timestamp.digicert.com
http://timestamp.comodoca.com/rfc3161
and every other one in the InstallAware test signing app.
...but all fail.

I exported the certificate to pfx file using sha256 and using TripleDes - all signing through InstallAware fails with both formats.

What could be the issue?

I just run a test using the "IA Code Sign Tool", and I don't see any problem.
Of course, as I have already discussed here (https://www.installaware.com/forums/viewtopic.php?f=2&t=11319#p43133), I had to use "http://timestamp.digicert.com" for the time stamp server.

If you want to test your PFX with SignTool.exe, you should invoke SignTool two times over the same EXE file to sign, as follow:

1> SignTool.exe sign /f <SignCertFile.pfx> /t <time-stamp-URL> /p <PWD> <FileToSign>
2> SignTool.exe sign /f <SignCertFile.pfx> /as /fd sha256 /tr <time-stamp-URL> /td sha256 /p <PWD> <FileToSign>
https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool

The above cmd lines will apply a double digital signature to the given file.

Thanks Francesco,

I ran your two signing commands with my certificate and a file to sign. Both worked successfully and yet the "IA Code Sign Tool" and IA X10 itself report an error when signing the installer. What could be the cause of that?

From IA IDE, can you do a try with omitting the URL parameter (just leave the field blank)?

I just stopped and restarted IA and built the project again. It worked fine - I have no idea why. I'll continue on and see if it happens again.

Thanks for your suggestions.