Signing Installers You Create with Inno Setup
Configure Sign Tools
Select Configure Sign Tools... from the Tools menu.
Add A Tool
Name the Tool
Give the tool a name. This is the name you will use when referring to the tool in your installer scripts. I named mine signtool because I'm using signtool.exe.
Assign the Command Line Parameters
Paste in the text you use to sign your executables from the command line. Replace the name of the file to sign with $f. Inno Setup will replace the $f variable with the file that is being signed.
Example:
"C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2\Bin\signtool.exe" sign /f "C:\MY_CODE_SIGNING.PFX" /t http://timestamp.comodoca.com/authenticode /p MY_PASSWORD $f
After clicking OK you are done configuring the sign tool.
Update Your [Setup] Section
Add the following script to your [Setup] section to use the sign tool you just configured. This assumes you named your tool signtool.
SignTool=signtool
![Update Your [Setup] Section](https://media.screensteps.com/images/revolution/95041/1/rendered/2E8BCF11-3470-4CC9-840E-52EBC347AEC4_display.png)
The Result
Now when you build your installers they will be signed.
Carlos Ramirez
Hello,
Excellent very explicative. For Visual Studio 12 the signtool is located here: "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe"
Thanks
Andy
Very clear and helpful, I have no idea how anyone would be expected to figure it out without this level of help!
Michael Sarahan
Thanks, this was very helpful. For people using command line tools, see this other helpful post, too: http://doughennig.blogspot.com/2009/11/executable-signing-with-inno-setup.html
Sanchi
So the signtool.exe would lie in "Program Files" for x86 machines and "Program Files (x86)" for x64 machines. So this might fail the signing
Jaime
Very useful and straightforward.
Dieter Woellner
Near to getting nuts when trying via Innosetup help I found your article. Saved my head ;o)!
chris
I have tryed this in wondiws 10 cna not et it to work i installed the sdk the singtool is located in C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.exe inno complie fails with
Sign Tool command failed (Failed to execute Sign Tool command.
Error 5: Access is denied). Will retry (2 tries left).
Trevor DeVore
@chris - that sounds like a permissions issue. A google search for "signtool.exe Error 5: Access is denied" turned up this:
https://github.com/javafx-maven-plugin/javafx-maven-plugin/issues/286
There was a folder permissions problem in that particular case and signtool.exe update the file. I would start by looking at permissions on the files you are trying to modify.