Digital Signature Requirements for MSI Created with OEM Installer Wizard
Starting with AutoCAD OEM 2023, the MSI created from the OEM Installer Wizard must be digitally signed, otherwise the installer will not run. After obtaining a digital certificate from a trusted certificate authority (CA), you can specify the certificate file and settings to use for signing the MSI file on the Digital Signature tab of the OEM Installer Wizard. For more information, see Digital Signatures and Signing Files in the AutoCAD OEM Developer’s Guide.
With the new release of AutoCAD OEM 2026 you will also have the option to use the APS Signature API
A signing service for OEM partners using APS – Signature API
AutoCAD OEM developers often face challenges in signing their installers due to the increasing complexity of procuring and managing the hardware infrastructure required by code-signing authorities. As outlined in this document, Certificate Authorities (CAs) no longer support browser-based key generation, certificate installation, or the traditional CSR (Certificate Signing Request) process. Instead, private keys and certificates must now be stored on FIPS 140-2 Level 2 or Common Criteria EAL 4+ certified hardware tokens or HSMs (hardware security modules).
Unsigned installer packages built using Autodesk ODIS technology will fail during installation. To address this, we provide the APS Signature web service, which the AutoCAD OEM Installer Wizard utilizes internally to sign code files and installer packages, ensuring compliance and successful deployment.
Using APS Service for Digital Signing
This flowchart provides a step-by-step guide for setting up an Autodesk APS (Autodesk Platform Services) application for integration with an OEM Installer Wizard. The process includes:
- Signing in to Autodesk APS – Access the APS platform at https://aps.autodesk.com.
- Navigating to My Apps – Manage applications within the Autodesk APS portal.
- Creating an Application – Select the Server-to-Server App option to generate authentication credentials.
- Saving the Client ID and Client Secret – These credentials are required for authentication and future configuration.
- Requesting Autodesk Support to Allowlist the Client ID – Ensure that Autodesk recognizes and authorizes your application.
- Send an email to oem@techsoft3d.com with your Client ID. This request will be forwarded to Autodesk, allowing the respective Client ID to access the APS Signature Service.
- Without an allowlisted Client ID, the Installer Wizard will not complete the process successfully.
- Setting Up Environment Variables – Define AOEM_SIGN_ID and AOEM_SIGN_SECRET using the obtained credentials.
- Launching the OEM Installer Wizard – Run the wizard for application deployment.
- Building the Project – Finalize the setup to integrate with Autodesk services.
Lifecyle and Governance of APS Client Credentials
- APS client credentials remain on the user’s machine throughout the workflow and are never transmitted externally.
- Do not share the Client Secret for allowlisting.
- The OEM Installer Wizard uses APS credentials to generate an APS token, which is then used to call the Autodesk Signature Generator API.
- The Signature Generator API is not publicly accessible.
- To enable the Signature Generator API for signing, the Client ID must be allowlisted.
- Internet access is required when executing the Installer Wizard.
- Ensure that developer.api.autodesk.com is allowed through the firewall/proxy server for optimal functionality. For more details, refer to Which URLs/Protocols need to be allowed for Autodesk Subscription Licensing.
Bringing Your Own Digital Signature
In case if you already procure digital signature, this section is for you.
The AutoCAD OEM Installer Wizard includes a field for specifying Signing CLI arguments from a digital signature vendor.
- The OEM Installer executes the signing tool to sign the files.
- Ensure that the OEM Installer has access to the signing tool or provide its full path along with the necessary arguments.
- For more information, refer AutoCAD OEM 2026 Developer Guide.