Results 1 to 1 of 1

Thread: How to configure and use Microsoft Trusted Signing in SetupBuilder 2025

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. 03-04-2025, 10:34 AM #1
    linder
    linder is offline Administrator
    Join Date
    Mar 2004
    Posts
    4,332

    Post How to configure and use Microsoft Trusted Signing in SetupBuilder 2025

    SETUPBUILDER 2025 BETA DOCUMENTATION AND INSTRUCTIONS ARE NOT AVAILABLE YET

    Apologies, everyone! The instructions for SetupBuilder 2025 aren’t fully completed yet. Our main goal was to release the beta today, and we’ve done that! Updated documentation will be available in the next beta build, with more detailed info coming over the next few days. Need help or have questions? Feel free to reach out to me directly at friedrich@lindersoft.com.


    Trusted Signing (formerly Azure Code Signing) is a fully managed service that facilitates app signing for developers. The service provides assurances of authenticity and integrity in applications, which enhances security features that prevent and mitigate malware impacts on the Windows OS. A Trusted Signing signature ensures that your application is trusted by providing base reputation on smart screen, user mode trust on Windows, and integrity check signature validation compliant. Microsoft manages the full certificate lifecycle ? generation, renewal, issuance ? and key storage that is FIPS 140-2 Level 3 HSMs. The certificates are short lived certificates, which helps reduce the impact on your customers in abuse or misuse scenarios.

    SetupBuilder 2025 fully supports Trusted Signing, which is a game-changer in code signing, offering a secure, scalable, and cost-effective solution for organizations of all sizes.

    A. Install SetupBuilder 2025 and start the Integrated Development (IDE).

    B. Select "Help" > "Get SignInstall (x86 or x64) for SetupBuilder".

    Name: getsigninstall.png Views: 50 Size: 33.9 KB

    This will automatically download and install the required service files.

    Name: ts_2.png Views: 353 Size: 5.9 KB

    Name: ts_3.png Views: 333 Size: 33.4 KB

    C. Go to "Tools" > "Options..." and select the Code-Signing Tab.

    Name: options_trustedsigning.png Views: 96 Size: 28.4 KB

    1. Select your Trusted Signing metadata.json (format see below).

    2. Select the timestamp server. Trusted Signing certificates have a three-day validity, so time stamping is critical for continued successful validation of a signature beyond that three-day validity period. Trusted Signing recommends the use of Trusted Signing?s Microsoft Public RSA Time Stamping Authority: http://timestamp.acs.microsoft.com.

    3. Select the "Software Publisher Certificate' Configuration" option.

    This is the metadata.json file format:

    Name: ts_5.png Views: 342 Size: 5.5 KB

    D. Enable Code-Signing in your SetupBuilder project and compile.

    Name: ts_6.png Views: 316 Size: 90.1 KB

    This is the trusted-signed installer (Organization signature)...

    Name: ts_7.png Views: 329 Size: 44.8 KB

    The elevation prompt for trusted-signed installers...

    Name: ts_8.png Views: 321 Size: 15.4 KB

    And finally, the trusted-signed uninstaller (Organization signature)...

    Name: ts_9.png Views: 322 Size: 27.5 KB

    That's it - POINT. CLICK. SHIP

    --
    Friedrich Linder
    Lindersoft | SetupBuilder | www.setupbuilder.com
    Voice: +1.954.537.3701 | Fax: +1.954.537.3702

    -- SetupBuilder "point. click. ship."
    -- Industry leaders count on SetupBuilder to deliver...
    -- Sectigo OV/EV Code-Signing and SSL Certificate Partner
    Last edited by linder; 04-30-2025 at 11:53 AM.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules