Signing Installers You Create with Inno Setup

You can configure Inno Setup to sign all of the installers you create. This removes the need to sign them manually after the fact.

Remember that you still need to sign your LiveCode executable prior to building the installer, however.

Configure Sign Tools

Select Configure Sign Tools... from the Tools menu.

Configure Sign Tools

Add A Tool

Add A Tool

Name the Tool

Give the tool a name. This is the name you will use when referring to the tool in your installer scripts. I named mine signtool because I'm using signtool.exe.

Name the Tool

Assign the Command Line Parameters

Paste in the text you use to sign your executables from the command line. Replace the name of the file to sign with $f. Inno Setup will replace the $f variable with the file that is being signed.


"C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2\Bin\signtool.exe" sign /f "C:\MY_CODE_SIGNING.PFX" /t /p MY_PASSWORD $f
Assign the Command Line Parameters

After clicking OK you are done configuring the sign tool.

Update Your [Setup] Section

Add the following script to your [Setup] section to use the sign tool you just configured. This assumes you named your tool signtool.

Update Your [Setup] Section

The Result

Now when you build your installers they will be signed.

The Result


Carlos Ramirez


Excellent very explicative. For Visual Studio 12 the signtool is located here: "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe"



Very clear and helpful, I have no idea how anyone would be expected to figure it out without this level of help!

Michael Sarahan

Thanks, this was very helpful. For people using command line tools, see this other helpful post, too:


So the signtool.exe would lie in "Program Files" for x86 machines and "Program Files (x86)" for x64 machines. So this might fail the signing


Very useful and straightforward.

Dieter Woellner

Near to getting nuts when trying via Innosetup help I found your article. Saved my head ;o)!


I have tryed this in wondiws 10 cna not et it to work i installed the sdk the singtool is located in C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.exe inno complie fails with
Sign Tool command failed (Failed to execute Sign Tool command.

Error 5: Access is denied). Will retry (2 tries left).

Trevor DeVore

@chris - that sounds like a permissions issue. A google search for "signtool.exe Error 5: Access is denied" turned up this:

There was a folder permissions problem in that particular case and signtool.exe update the file. I would start by looking at permissions on the files you are trying to modify.


run the signtool command as shown in this guide, from the command line, but replace $f with some other file. I recommend adding /debug after the sign parameter. But more importantly, Win SDK 10 and up require to add (also after "sign") the following parameter /fd SHA256
Without it, the tool would fail. Another gotcha is to make sure the certificate was created with code signing usage. If not, the tool won't use it for signing code.

Brigitte Lechermeyer

I sign VBA-Code. I'm using in Word -> developer -> VisualBasic
Here I go to Tools -> Digital Signature
What do I have to use as "Command for the sing tool?" in this case?
Thanks for help

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.