Code Signing Windows Innosetup package

Hi all

I have a desktop app that I deploy for Mac and Windows.

I have bitten the bullet and purchased a Windows code-signing certificate. Pre-packaging, my app has the app.exe, lots of DLL’s and 2 folders, Resources and Library.

I use Innosetup to make the Windows installer, and KSign 3.0 to do the code-signing.

My question is: Is it enough to build the app, use Innosetup to make the installer, and then use KSign to code-sign the final installer (myapp-setup.exe)?

Or should I code-sign all the components first, then make the installer and code-sign again?

Sign everything. And configure Inno to do it all for you. It’ll sign components before adding to the installer, then also sign the installer.