Digitally Signing FlexApp One Application Packages

Digitally Signing FlexApp One Application Packages

FlexApp One Applications can be digitally signed for enhanced security and verification, ensuring that your applications have not been tampered with.

This feature causes the certificate information to show in the Digital Signature tab of the FlexApp One EXE Properties window. This information can then be used to allow the FlexApp One EXE to be verified, or allowed by ProfileUnity’s Application Restriction Module, AppLocker, or other application-control solutions, resulting in an enhanced level of security.

Obtaining a Code Signing Certificate

The FlexApp One Bundler accepts password protected PFX files created with most normal certificate request procedures, whether self-signed, from an Active Directory CA or third-party CA. The certificate must be set for Digital Signing and specifically be a Code Signing certificate. Other certificate types are not supported.

Creating Signed FlexApp One Application Packages

To create signed FlexApp One Applications, you will need to supply some information to the FlexApp One Bundler. This is done differently depending on your method of creating FlexApp One Application packages.

Using the FlexApp Packaging Console

Creating signed FlexApp One Applications with the FlexApp Packaging Console requires the following steps:

  1. On the FPC machine, already reverted to a clean state, copy your PFX Code Signing certificate to the following folder:
  2. Copy 
    "C:\Program Files (x86)\Liquidware Labs\FlexApp Packaging Console\FlexApp One Bundler"
  3. Open an elevated cmd.exe prompt and run the following command using the password for the PFX file:
  4. Copy 
    "C:\Program Files (x86)\Liquidware Labs\FlexApp Packaging Console\FlexApp One Bundler\bundler.exe" setsigningcredential -p "<PFX password>"
  5. Open and login to the FlexApp Packaging Console software and open the Settings screen using the “gears” button at the top-right of the window. Scroll down to Create FlexApp One Arguments and enter the following using your PFX filename:
  6. Copy 
    -c "C:\Program Files (x86)\Liquidware Labs\FlexApp Packaging Console\FlexApp One Bundler\<filename>.pfx"
  7. Click the OK button at the bottom to save the settings.
  8. Proceed to take a new clean-state snapshot to be used for automatically signing new FlexApp One Applications from future FlexApp package captures.

Using FlexApp Packaging Automation

Creating signed FlexApp One Applications with FlexApp Packaging Automation requires the following steps:

  1. On the FPA Packaging Agent machine(s), already reverted to a clean state, copy your PFX Code Signing certificate to the following folder:
  2. Copy 
    "C:\Program Files (x86)\Liquidware Labs\FlexApp Packaging Automation\FlexApp One Bundler"
  3. Open an elevated cmd.exe prompt and run the following command using the password for the PFX file:
  4. Copy 
    "C:\Program Files (x86)\Liquidware Labs\FlexApp Packaging Automation\FlexApp One Bundler\bundler.exe" setsigningcredential -p "<PFX password>"
  5. Edit your existing PackagesFile, DefaultsJSON, or existing CLI(s) and add the following to the "FlexAppOneCliOverride" or /FlexAppOneCliOverride setting:
  6. Copy 
    "-c \"C:\Program Files (x86)\Liquidware Labs\FlexApp Packaging Console\FlexApp One Bundler\<filename>.pfx\""
  7. Proceed to take a new clean-state snapshot to be used for automatically signing new FlexApp One Applications from future FlexApp package captures.

Using the FlexApp One Bundler.exe

Creating signed FlexApp One Applications with Bundler.exe, directly, requires the following steps:

  1. Open an elevated cmd.exe prompt and run the following command using the password for the PFX file: bundler.exe setsigningcredential -p "<PFX password>"
  2. Append the following argument to your existing Bundler.exe bundle CLI(s) using your PFX filename: --certfile "<filename>.pfx"
    Example bundle command:
  3. Copy 
    "C:\Program Files (x86)\Liquidware Labs\FlexApp Packaging Automation\FlexApp One Bundler\bundler.exe" bundle -p "\\server\Packages\FlexAppName_20240207114326" -f ".\flexapp.zip" -t ".\engine.exe" --accepteula --plainconsole -c ".\FlexAppOneCertificate.pfx" -o "\\server\Packages\FlexAppName_20240207114326" --licfile ".\flexapp_one.lic" --seticon