Code Signing during customer installation process?


1 comment

  • Avatar

    The binaries you are installing (i.e. MyApp.exe) should be signed before building the installer, not at customer site.

    The best way to do this is to have the build process of the application also sign it - i.e. if it automated using Makefile, Maven, Ant/NAnt or other build tool, there should be another step to run signtool to sign the DLLs/EXEs.

    Similarly for Mac OS X binaries/bundles, the signing should be done at build time (and has to be done on an OS X machine). The process is documented here:

    As for signing .jar files, the process is slightly different and is documented here:

    Alternatively, same commands can be run to sign the binaries before building the installer in <preBuildActionList>, however it is not recommended as running the signing tools multiple times may lead to binary file size increase over time.

Please sign in to leave a comment.