MsiDigitalCertificate Table

The MsiDigitalCertificate table stores certificates in binary stream format and associates each certificate with a primary key. The primary key is used to share certificates among multiple digitally signed objects. A digital certificate is a credential that provides a means to verify identity. For more information, see Digital Certificates in the Cryptography section of the Microsoft Windows Software Development Kit (SDK).

The MsiDigitalSignature and MsiDigitalCertificate tables are available starting with Windows Installer version 2.0.

Windows Installer can use digital signatures as a means to detect corrupted resources. Windows Installer version 2.0 can only verify the digital signatures of external cabinets, and only by the use of the MsiDigitalSignature and MsiDigitalCertificate tables.

Beginning with Windows Installer version 3.0, the Windows Installer can verify the digital signatures of patches (.msp files) by using the MsiPatchCertificate and MsiDigitalCertificate tables. For more information, see Guidelines for Authoring Secure Installations and User Account Control (UAC) Patching.

The MsiDigitalCertificate table has the following columns.

Column Type Key Nullable
DigitalCertificate Identifier Y N
CertData Binary N N




Identifies the digital signature certificate. Primary key of table.


The binary representation of the digital certificate. The CertData column contains the encoded byte array of a certificate context. This is the pbCertEncoded member of the CERT_CONTEXT structure. The certificate context can be obtained by calling WinVerifyTrust, MsiGetFileSignatureInformation, or by importing a .cer file.




MsiDigitalSignature table

Digital Signatures and Windows Installer