How to sign installation files of a Visual Studio .msi

You can add the following PostBuildEvent to your VS Setup project (project properties):

Windows 8.0:

"C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe" sign /a  $(BuiltOuputPath)

Windows 10:

"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" sign /a  $(BuiltOuputPath)

Project properties window

See this MSDN documentation for signtool usage. You can use the /f flag to specify the signing certificate, /p to specify the cert's password, etc

Also, note that $(BuildOuputPath) is misspelled. This is on purpose. Thanks microsoft...

Visual Studio creates two folders at compile time: obj and bin. Turns out, at least in my case, the output will always be copied from the obj folder into the bin folder. I was signing the executables in the bin folder only to have them overwritten and then packaged into the msi. Signing the executables in the obj folder solved the problem.

How to sign installation files of a Visual Studio .msi

Tags:

C#

Visual Studio 2008

Code Signing Certificate

Authenticode

Related

Recent Posts