Before distributing your installer, you can use the SignTool included with the Windows SDK to sign installers created with Package Builder with trusted certificates.

Complete the following steps to sign your installer:

  1. Ensure you have the appropriate trusted Certificate and .pfx (personal exchange format) file:
    1. You can use the Pvk2Pfx command line function to create the .pfx file from your .cer (certificate) and .pvk (private key) files.
    2. Open a command prompt as administrator and use Certutil to trust your certificate:
      Certutil -addStore TrustedPeople MyKey.cer
  2. Create an installer for your packages:
    1. Select the Installers and Repositories tab.
    2. Click New Installer or Repositories » New Package Installer and name the installer.
    3. Right-click the installer, select Add Packages…, and select the packages to add to your installer.
  3. Select your installer and ensure the Include NI certificates package box is checked in the Properties pane.
  4. Build your packages and installers.
  5. Open a command prompt as administrator.
  6. Navigate to the SignTool directory using the cd command. For example:
    cd C:\Program Files (x86)\Windows Kits\10\bin\x86
  7. Use the SignTool to sign your installer executable:
    signtool sign /f <cert.pfx> /p <password> “<installer.exe>”
    • <cert.pfx> is the name of your .pfx file.
    • <password> is the password for your .pfx file (if unspecified, default is the password for the .pvk file).
    • <installer.exe> is the full path to the installer.exe.

Once completed, your installer should be signed using the specified certificate.