Windows Installer can use digital signatures as a means to detect corrupted resources. A signer certificate may be compared to the signer certificate of an external resource to be installed by the package. For more information, see Digital Signatures and Windows Installer.

MsiCert.exe is a command line utility that can be used to populate the MsiDigitalSignature table and MsiDigitalCertificate table with the digital signature information of an external cabinet file. The cabinet file must by digitally signed and listed in the Media table. MsiCert.exe uses the signer certificate information from the digitally signed cabinet and will create and add the MsiDigitalSignature and MsiDigitalCertificate tables to the database if they do not already exist.


msicert -d {database} -m {media entry} -c {cabinet} [-h]

Command Line Options

The command line options are case-insensitive and slash delimiters may be used instead of a dash.

Option Parameter Description
-d The database (.msi file) that is being updated.
-m The entry in the DiskId field of the Media table in the record for the cabinet file.
-c The path to the digitally signed cabinet file.
-h   Include the hash of the digital signature. This is optional.


This tool is only available in the Windows SDK Components for Windows Installer Developers.

Windows Installer Development Tools

Released Versions, Tools, and Redistributables