I got a new Code Signing certificate (from Sectigo), on a YubiKey dongle.
I have followed the instructions here:
https://www.advancedinstaller.com/user- ... gning.html
We don't have an EV certificate, but I don't think that should make a difference.
However, at the point of signing (we are running this in a script), I get:
Detecting MSI incompatible resources
ERROR: Digital signature. Digital certificate selected for signing has expired! Please replace it with a valid SHA256 certificate.
WARNING: Digital signature. Digital certificate selected for signing is of SHA1 type. This might work but is not officially supported by Windows, a SHA256 certificate is recommended.
There are no other certificates on the build system. I have checked that the exported certificate is the correct one and is valid (copied it to a Linux system and got the text using OpenSSL).
See attachment for my setup.
Any ideas?