Submitting a certificate request.
In order to obtain an object code certificate you will need to submit a certificate request. You will need a tool to generate this request; I used a tool called OpenSSL (http://www.slproweb.com/products/Win32OpenSSL.html).
Generating the request in OpenSSL through command prompt
openssl req -nodes -sha1 -newkey rsa:2048 -keyout C:\SomeFolder\PrivateKey.key -out C:\SomeFolder\CertificateRequest.csr
You will be prompted for a few certificate fields; enter these as they come up.
This will generate two files, a private key and a certificate request. These go hand in hand: you will need the key later on once you have your certificate, so make sure you take a backup of it. Because of the -nodes option the private key file is not encrypted, so keep it and its backup somewhere only you can read.
Submitting a certificate request to a certificate authority
You will need to choose the CA that you want to use to issue you with a certificate.
Examples are startssl.com, GoDaddy, GlobalSign, Symantec etc.
Most CAs require you to submit information to them to verify that you are who you say you are. You will need both personal and company verification to obtain an object code certificate. This can be quite a lengthy process, so I would suggest you do it first.
Once you are verified with your CA you will need to submit the text in the CertificateRequest.csr file as your request for them to generate you a certificate.
Preparing the certificate for signing
Once your certificate has been generated by your CA you will need to copy the text of the certificate and place it in a .crt file. Then we will use OpenSSL to generate a .pfx certificate using the crt file and your private key.
openssl pkcs12 -export -in MyCertificate.crt -inkey PrivateKey.key -out ResultCertificate.pfx
When prompted for an export password, press Enter to leave it blank.
This pfx file will be used to sign our installer.
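Before running the export above, it is worth confirming that the certificate the CA returned was issued for your private key and carries the Code Signing extended key usage. The following is an added example, not part of the original post: a POSIX shell script (the openssl invocations are the same at the Windows command prompt) whose function names and throwaway self-signed sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks to run before "openssl pkcs12 -export".
# Function names and the sample certificate are illustrative assumptions.

# Succeeds only when the certificate's public key equals the one derived
# from the private key. Returns 2 when either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only when the Extended Key Usage extension lists Code Signing.
cert_allows_code_signing() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Extended Key Usage' | grep -q 'Code Signing'
}

# Runs both checks, then the export from the article with a blank password.
build_pfx() {
    if ! cert_matches_key "$1" "$2"; then
        echo "error: $1 was not issued for $2" >&2; return 1
    fi
    if ! cert_allows_code_signing "$1"; then
        echo "error: $1 lacks the Code Signing extended key usage" >&2; return 1
    fi
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout pass:
}

# Constructed sample: throwaway self-signed certificate plus key, written to
# $1.crt and $1.key, with the extended key usage given in $2.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" -addext "extendedKeyUsage=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Usage: sh check_pfx.sh MyCertificate.crt PrivateKey.key ResultCertificate.pfx
if [ "$#" -eq 3 ]; then
    build_pfx "$1" "$2" "$3"
fi
```

The sample generator relies on the -addext option, which needs OpenSSL 1.1.1 or later.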
Signing the installer
In the .wixproj of the bootstrapper add the following to the
Then in the <Project> tag add these targets. Here we use signtool.exe to sign the package and StartCom's timestamping service to add a time stamp.
<Target Name="UsesFrameworkSdk">
  <GetFrameworkSdkPath>
    <Output TaskParameter="Path" PropertyName="FrameworkSdkPath" />
  </GetFrameworkSdkPath>
</Target>
<Target Name="UsesSignTool" DependsOnTargets="UsesFrameworkSdk">
  <PropertyGroup>
    <SignToolPath Condition="('@(SignToolPath)'=='') and Exists('$(FrameworkSdkPath)bin\signtool.exe')">$(FrameworkSdkPath)bin\signtool.exe</SignToolPath>
    <SignToolPath Condition="('@(SignToolPath)'=='') and Exists('$(Win7ASDK)\bin\signtool.exe')">$(Win7ASDK)\bin\signtool.exe</SignToolPath>
    <SignToolPath Condition="('@(SignToolPath)'=='') and Exists('$(Win7SDK)\bin\signtool.exe')">$(Win7SDK)\bin\signtool.exe</SignToolPath>
  </PropertyGroup>
</Target>
<Target Name="SignBundleEngine" DependsOnTargets="UsesSignTool">
  <Exec Command="&quot;$(SignToolPath)&quot; sign /f ResultCertificate.pfx /tr http://www.startssl.com/timestamp &quot;@(SignBundleEngine)&quot;" />
</Target>
<Target Name="SignBundle" DependsOnTargets="UsesSignTool">
  <Exec Command="&quot;$(SignToolPath)&quot; sign /f ResultCertificate.pfx /tr http://www.startssl.com/timestamp &quot;@(SignBundle)&quot;" />
</Target>