How to: Sign Setup Files with SignTool.exe (Windows Installer)

You can use SignTool.exe to sign a Windows Installer file (.msi) or a Setup program (setup.exe). By signing setup files, you help ensure that tampered files are not installed on end-user computers.

Note

The dialog boxes and menu commands you see might differ from those described in Help depending on your environment. To change your settings, click Import and Export Settings on the Tools menu. For more information, see Working with Settings.

To sign a Windows Installer file (.msi)

1. On the development computer, install the certificate that you want to sign the file with.

2. Open a Visual Studio command prompt.

3. Change to the directory that contains the .msi file.

4. Sign the .msi file by using the following command:

   signtool sign /sha1 CertificateHash SetupFile.msi
   

   For example, to sign a setup file that is named ExcelAddInSetup.msi, use the following command:

   signtool sign /sha1 CCB... ExcelAddInSetup.msi
   

To sign a Setup program (.exe)

1. On the development computer, install the certificate that you want to sign the file with.

2. Open a Visual Studio command prompt.

3. Change to the directory that contains the .exe file.

4. Sign the .exe file by using the following command:

   signtool sign /sha1 CertificateHash Setup.exe
   

   For example, to sign the Setup program, use the following command:

   signtool sign /sha1 CCB... Setup.exe
   

See Also

Reference

SignTool.exe (Sign Tool)

Other Resources

Deployment Tasks and Walkthroughs