Powershell is creating code signing certificates with bad passwords, what am I doing wrong?-CodePudding

I am trying to create a self signed, code signing certificate, but when I try to use it to sign an .exe I get this SignTool error SignTool Error: The specified PFX password is not correct.

Here are the commands I running to create the certificate, export it to pfx with a password, then sign an .exe

$password = "password"
$certificate = New-SelfSignedCertificate -DnsName "MyCompany, Dev" -Type CodeSigning -CertStoreLocation Cert:\CurrentUser\My
$certificatePassword = ConvertTo-SecureString -String $password -Force –AsPlainText
Export-PfxCertificate -Cert "cert:\CurrentUser\My\$($certificate.Thumbprint)" -FilePath "C:\Users\me\Project\CSCDev.pfx" -Password $certificatePassword
SignTool sign /f "C:\Users\me\Project\CSCDev.pfx" "C:\Users\me\Project\MyCompanyApp.exe" /p $certificatePassword

What have done wrong?

CodePudding user response：

As above, I'd use the Powershell cmdlet rather than export the code-signing certificate:

$cert=(dir cert:currentuser\my\ -CodeSigningCert)

$script = Read-Host -Prompt "Please enter (without quotes) the path to the file you are signing `r`n
Example: \\server\my folder\projects.ps1 `r`n"

# Alternative timestamp sources:
#http://timestamp.comodoca.com/authenticode
#http://timestamp.globalsign.com/scripts/timestamp.dll
#http://tsa.starfieldtech.com
#
Try {
    Set-AuthenticodeSignature -FilePath $($script) -Certificate $cert -TimestampServer http://timestamp.digicert.com -Verbose -ErrorAction Stop
}
Catch { 
    $_
}