Signing Access Anywhere Windows Tools

When you create your own Windows Tools installer with the packager the installer will not, by default, be signed. This page explains how to sign the installer.

Instructions for using the packager to create the installer are here.

If you get your certificates from a commercial supplier, be sure that they are in the PFX format.

If you do not have the certificates, you can generate some self signed certificates easily using Powershell:

$cert = New-SelfSignedCertificate -DnsName demo.sme.io -Type CodeSigning -CertStoreLocation “cert:\LocalMachine\My” $CertPassword = ConvertTo-SecureString -String “my_password” -Force -AsPlainText Export-PfxCertificate -Cert $cert -FilePath “C:\Users\Administrator\Certs\cert.pfx” -Password $CertPassword

Substitute your own values for the values in italics.

The result will be a PFX file in the location you specified.

You will be using 'signtool' to sign the tools. Signtool is available from the Windows SDK, which you can get from here:

https://developer.microsoft.com/windows/downloads/windows-10-sdk/

Once signtool is installed you will need to open a DOS prompt and move to the directory containing signtool. You may find it here:

C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86

(depending on when you install this, the version number there may be slightly different)

You can then execute signtool using the following:

signtool.exe sign /f C:\Users\Administrator\Certs\cert.pfx /t http://timestamp.digicert.com /p my_password /fd SHA256 “C:\Users\Administrator\Downloads\Test4 Testing Tools.22.5.25.0.exe”

In this example above, replace the values in italics with the path to your PFX, your password to your certificates, and the path to your generated installer respectively.

If this is successful then the EXE will now be signed. You can check this by right clicking on the EXE, and inspecting its properties:

.