How to sign your .cab files

(see highlighted section below for the specifics of creating a Test certificate)  

 

· Generate a .cab (using Cab SDK): https://support.microsoft.com/kb/310618

o Simple command line approach:

§ make sure desired mshc file exists (copy to) in same folder as makecab.exe (simplified command line for this example)

§ cd into directory where makecab.exe lives, example: C:\cabsdk\BIN

§ issue command line: makecab.exe <mshc file name> <desired cab file name>

 

· Sign a .cab (using locally generated certificate - only used for local signed cab testing):

o For local testing, create your own certificate from your local machine (requires the tool to create the certificate to be installed as part of Windows SDK):

§ https://msdn.microsoft.com/en-us/windows/bb980924.aspx

§ Install Windows SDK

o Create local certificate:

§ Makecert.exe -sk myNewKey -r -n "cn=Test Sign Cert,ou=certificates,O=Tst" -ss my myNew.cer

§ certutil.exe -f -addstore personal myNew.cer

o Sign the .cab:

§ Signtool.exe sign /i "<whatever your cert name is, the "cn=" name in above line>" <content name>.cab

 

· Signing with a certificate obtained from Certificate Authority:

o https://msdn.microsoft.com/en-us/library/aa387764(VS.85).aspx

o Make sure you have a cert to use for the signing and the private key

o At a command prompt, cd into directory where signtool.exe lives

o signtool.exe signwizard

o In the signwizard UI:

§ Select cab file

§ Select custom option - this will enable you to select your cert