I use a code-signing certificate in my work with InstallShield and thought I would outline what I have learned over the past couple of years.
First off, to digitally sign your installations in InstallShield, you have to have a code-signing certificate. When most people shop for code-signing certificates they find the prices vary widely. Of course there is Verisign, which is a recognizable brand name, and whose certificates cost the most. Then there are other vendors. The one I chose was Comodo. Their code-signing certificates are less expensive, and in two years of using them I have never had any problems. So personally, I have never seen a reason to spend more money and go with Verisign. Now, this won't win me any friends at Verisign, but that's just my experience. Also, I don't get any money from Comodo for referring you to them. I'm just trying to save you some time and money so you won't have to struggle and figure all this stuff out on your own.
One last point on certificate vendors. Some people wonder if a Comodo certificate is as good as a Verisign certificate. Well, aside from having had no problems with Comodo certificates, I can say one more thing. Microsoft has included Comodo in the Trusted Root Certificate store in Windows. You can do a search on MSDN and find Microsoft's list of Trusted Root Certificate Authorities. If Comodo was not a valid authority, do you think Microsoft would have listed them as a trusted source? That's my viewpoint on this. So, let's move on.
Now that you have a code-signing certificate, what do you do with it? Well, for normal signing of a release, you go to the Signing tab for the release and enter your .pfx and .pvk files. Generally, you don't want to sign your code (the assembly, .exe, .dll, etc.) in Visual Studio. I have found it is much better to let InstallShield sign everything.
Next, you want to make sure you get at least a 2048-bit code-signing certificate. In addition, make sure you get the certificate as well as an .spc file. You see, to do One-Click Installs, InstallShield will require you to have all three files: .pfx, .pvk, and .spc. Now, there are posts on the net that say you can generate your own .spc file, but I have spent a lot of time using various tools and have never had any success doing this. So, you have to get the .spc file from the Certificate Authority at the same time you get your certificate. Make sure you ask for it. Also, don't worry if you aren't given a .pfx and a .pvk file. You can use Microsoft's tools and generate one if you have the other. Not a problem.
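A pre-flight check for the requirements above, as an added example that is not part of the original post: it reads the .pfx, reports the RSA key size against the 2048-bit minimum, checks for the Code Signing usage and expiry, and optionally confirms that a built installer was signed with that same certificate. The parameter names and file paths are placeholders chosen for illustration.

```powershell
# Added example. Parameter names and paths are placeholders, not from the post.
param(
    [Parameter(Mandatory)] [string] $PfxPath,   # the .pfx entered on the Signing tab
    [string] $SignedFile                        # optional: a built, signed installer
)

$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # Enhanced Key Usage OID for Code Signing
$minRsaBits     = 2048                  # minimum key size recommended in the post

# Prompts for the password if the .pfx is protected.
$cert = Get-PfxCertificate -FilePath $PfxPath

# RSA key size of the public key (null if the certificate is not RSA).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$keyBits = if ($rsa) { $rsa.KeySize } else { 0 }

# A certificate without the Code Signing EKU is the wrong product for this job.
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$hasCodeSigning = [bool]($eku -and ($eku.EnhancedKeyUsages.Value -contains $codeSigningOid))

$report = [ordered]@{
    Subject        = $cert.Subject
    Issuer         = $cert.Issuer
    RsaKeyBits     = $keyBits
    KeySizeOk      = $keyBits -ge $minRsaBits
    CodeSigningEku = $hasCodeSigning
    NotExpired     = $cert.NotAfter -gt (Get-Date)
}

if ($SignedFile) {
    # Confirm the build output carries a valid signature made with this certificate.
    $sig = Get-AuthenticodeSignature -FilePath $SignedFile
    $report.SignatureStatus  = $sig.Status
    $report.SignedByThisCert = $sig.SignerCertificate -and
                               ($sig.SignerCertificate.Thumbprint -eq $cert.Thumbprint)
    $report.Timestamped      = [bool]$sig.TimeStamperCertificate
}

[pscustomobject]$report
```

A `Timestamped` value of `False` means the signature stops validating once the certificate expires, so it is worth checking on every release build.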
Hope this helps. If you have any specific questions on this topic, just go to http://www.wavepointstudios.net/contact.aspx and send me an email.

