Support for DigiCert KeyLocker

Posted: Mon Jan 15, 2024 4:49 pm
by dfdz
We just renewed our signing certificates, and they are now stored in DigiCert KeyLocker (https://docs.digicert.com/en/digicert-keylocker.html).

I can download a P12 file, but using it requires both a password and an API token. I don't see a way to do this in InstallAware.

Does anyone know if there's a method of signing using this new method from within InstallAware? Or will I need to create my own post process after building the install?

Re: Support for DigiCert KeyLocker

Posted: Fri Jan 26, 2024 11:48 am
by BartWilson
I'm definitely interested in how we will support doing Authenticode in InstallAware given the changes set forth in June 2023 for certificates. I did see that InstallAware X16 will support "Extended Verification", but the documentation on how that works is not clear.

For your case, I'm wondering if you'll have to create items in the pre-compress and post-compress build events where you have to write your own tool to sign the files. Before InstallAware added the SHA256ONLY, I had followed this forum article to do signing of the files/installer through the build events:
viewtopic.php?f=2&t=11486&p=43740&hilit=sha1+signing#p43740

When our certificate expires, which is coming up, I'm guessing I'm going to have to move back to doing the signing via external scripts, given I don't see an easy way to support KeyLocker or to use something like DigiCert's Software Trust Manager. I'd be curious if InstallAware will eventually add support given the June 2023 changes to code signing certs. Won't know until that feature is released, however.

Re: Support for DigiCert KeyLocker

Posted: Tue Feb 13, 2024 6:00 am
by FrancescoT
In order to use an EV Token, you first have to export the "Extended Validation Code Signing Certificate" from your EV Token to a local path.

safenet_export_cert.png

Then, in the InstallAware project "Authenticode settings", you have to specify:
• the Key Container as it is reported in the Advanced View of your SafeNet Client (see image below)
• the full path of your exported cert
• your EV Token password
safenet_adv_view.png