Digitally sign Inventor OEM deployment modules

There are two MSi modules in the Inventor OEM 2022 and 2023 distributable package that need to be digitally signed for the Installer to work.
A successful OEM Configurator build prompts you to do that:

The digital signature requirement is mentioned in the Inventor OEM documentation, but not explained. Here’s an overview of what you need and how you accomplish the signature.

Digital Signatures and Signing Files
Digital signatures are blocks of encrypted information that are often applied to executable files by a software vendor.

Prior to being able to digitally sign a program file, you need to obtain a digital certificate (also referred to as a digital ID). Digital certificates are commonly obtained from a Certificate Authority (CA) which is a company (also referred to as a Trust Service Provider) that manages and maintains a database of public and private keys that are used to apply a digital signature to a program file. There are many CAs that a digital certificate can be purchased from, some of the more common ones are:

NOTE:The digital certificates by IdenTrust were previously managed by GeoTrust and Symantec (Secure Email (S/MIME) | IdenTrust).

Digital certificates are not free, the cost will vary based on the CA and the type of certificate you need. As a software developer, you will need to obtain a Code Signing Certificate and not a Personal Authentication Certificate (PACs).
The signtool.exe tool, which is part of the Windows SDK, is used to digitally sign the MSI file.

Here’s how you use SIGNTOOL.EXE to sign the two Inventor OEM modules from a command prompt:

To Verify a Digital Signature

The following explains how to validate a digitally signed file in Windows File Explorer:

  1. In File Explorer, select the digitally signed file to validate.

  2. Right-click the selected file and choose Properties.

  3. In the Properties dialog box, click the Digital Signature tab.

  4. Select the signature entry from the Signature List and then click Details.
    Information about the signer (software vendor) is displayed along with the status of the digital signature.

Read the full Microsoft documentation on SIGNTOOL.EXE here: SignTool.exe (Sign Tool) - .NET Framework | Microsoft Docs