[wix-users] Code Signing SHA-1/2

Tobias S tobias.s1979 at gmail.com
Mon Feb 15 07:19:11 PST 2016

Based on that article we changed our signing strategs to sign *.exe + *.dll
with dual signing SHA-1 + SHA-256 and for *.msi we stick to SHA1 only. All
signing is done on a combined Symantec certificate supporting SHA 1 and
SHA256 signing. Microsoft does same e.g. for the new VCRedist Installers
(but with different certificates).

If running on W7 Build controllers there are additional files needed for
dual signing files. Check MSDN for information about these files:
AFAIR also Windows Updates need to be up-to-date.

More information about the wix-users mailing list