I am trying to create a self signed, code signing certificate, but when I try to use it to sign an .exe I get this SignTool error SignTool Error: The specified PFX password is not correct.
Here are the commands I running to create the certificate, export it to pfx with a password, then sign an .exe
$password = "password"
$certificate = New-SelfSignedCertificate -DnsName "MyCompany, Dev" -Type CodeSigning -CertStoreLocation Cert:\CurrentUser\My
$certificatePassword = ConvertTo-SecureString -String $password -Force –AsPlainText
Export-PfxCertificate -Cert "cert:\CurrentUser\My\$($certificate.Thumbprint)" -FilePath "C:\Users\me\Project\CSCDev.pfx" -Password $certificatePassword
SignTool sign /f "C:\Users\me\Project\CSCDev.pfx" "C:\Users\me\Project\MyCompanyApp.exe" /p $certificatePassword
What have done wrong?
CodePudding user response:
As above, I'd use the Powershell cmdlet rather than export the code-signing certificate:
$cert=(dir cert:currentuser\my\ -CodeSigningCert)
$script = Read-Host -Prompt "Please enter (without quotes) the path to the file you are signing `r`n
Example: \\server\my folder\projects.ps1 `r`n"
# Alternative timestamp sources:
#http://timestamp.comodoca.com/authenticode
#http://timestamp.globalsign.com/scripts/timestamp.dll
#http://tsa.starfieldtech.com
#
Try {
Set-AuthenticodeSignature -FilePath $($script) -Certificate $cert -TimestampServer http://timestamp.digicert.com -Verbose -ErrorAction Stop
}
Catch {
$_
}