Before distributing your installer, you can use the SignTool included with the Windows
SDK to sign installers created with Package Builder with trusted certificates.
Complete the following steps to sign your installer:
- Ensure you have the appropriate trusted Certificate and
.pfx (personal exchange format) file:
- a. You can use the Pvk2Pfx command line function to create the
.pfx file from your .cer
(certificate) and .pvk (private key) files.
- Open a command prompt as administrator and use Certutil to trust your
Certutil -addStore TrustedPeople MyKey.cer
- Create an installer for your packages:
- Select the Installers and Repositories tab.
and name the installer.
- Right-click the installer, select Add Packages…, and
select the packages to add to your installer.
- Select your installer and ensure the Include NI certificates
package box is checked in the Properties pane.
- Build your packages and installers.
- Open a command prompt as administrator.
- Navigate to the SignTool directory using the cd command.
cd C:\Program Files (x86)\Windows Kits\10\bin\x86
- Use the SignTool to sign your installer executable:
signtool sign /f <cert.pfx> /p <password> “<installer.exe>”
- <cert.pfx> is the
name of your .pfx file.
- <password> is the password for your
.pfx file (if unspecified, default is
the password for the .pvk file).
- <installer.exe> is the full path to the
Once completed, your installer should be signed using the specified certificate.