Jesus,

> Sir. you are right, I use a different installer. The Code Signing Utility
> from Intel is able to use a PFX certificate or to use the installed
> Certificate. I use Wininstall and I just drag and drop the installer and
> it gets signed. I also sign the original exe file. Sometimes I need a
> program to run as Administrator and this is the only way a user will trust
> such elevation.

If you are using a fully automated environment (companies are using the
SetupBuilder compiler to embed manifests and then code-sign hundreds and
thousands of files in a nightly build process) then drag and drop is not an
option. SetupBuilder does all this quietly behind the scenes.

A major drawback of the Intel tool is its dependencies. It's a .NET
application and requires Microsoft .NET framework 4 and Microsoft Visual C++
2010 SP1 Redistributable Package.

Intel's idea of providing an alternative to the M$ code-signing tools was
most welcome. But unfortunately, their solution can't be used in a
professional environment. I was in contact with Intel some time ago to
discuss a native Win32/Win64 port of their tool. But their solution is
purely .NET and they don't expect an enhanced Win32/Win64 version anytime
soon :-(

BTW, as an additional note. Of course, the Microsoft tool can also
code-sign directly from the certificate store. But 100% (I hope <g>) of all
developers have at least one backup of their certificate in form of .PFX or
.PVK/.SPC. Once the certificate gets lost it can't be recovered.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

--Helping You Build Better Installations
--SetupBuilder "point. click. ship"
--Create Windows 8 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner