I used to sign my files with a file based certificate. But now I have been asked to use a usb token, which I have purchased and installed. I am able to sign my exe files from the command line with signtool. It requests for my password and once I enter it, it's signed.
However, I am not able to use it in AdvanceInstaller.
AI does recognise the device as a store but when I build, it throws an error saying "Error message: 'SignTool Error: No certificates were found that met all the given criteria."
But I am able to sign my files from the command line. How do I get this to work with AdvancedInstller.
Suggested Articles
Re: Code Signing with Sectigo USB token
Hello,
We are aware of the issue on certain devices, it appears the root certificate isn’t trusted on those machines, we’re actively investigating. We’ll share a fix as soon as it’s available. Please also note that the current error message is misleading.
Since signing works correctly when you run the SignTool command manually, could you please verify whether the same signing operation succeeds when configured in Advanced Installer? You don’t need to specify individual files, Advanced Installer will automatically append every file marked for signing during the build.
Thank you for bring this to our attention.
Best regards,
Dan
We are aware of the issue on certain devices, it appears the root certificate isn’t trusted on those machines, we’re actively investigating. We’ll share a fix as soon as it’s available. Please also note that the current error message is misleading.
Since signing works correctly when you run the SignTool command manually, could you please verify whether the same signing operation succeeds when configured in Advanced Installer? You don’t need to specify individual files, Advanced Installer will automatically append every file marked for signing during the build.
- external-sign-tool.png (27.22 KiB) Viewed 1859 times
Best regards,
Dan
Re: Code Signing with Sectigo USB token
Hello Dan,
I tried with custom settings and passed the same arguments as I did in the command line, minus the filename. I got the same (misleading) error:
I also tried passing the thump pint as you had advised over email. There was no change in response.
I look forward to to a fix soon. In the meantime, are there any other ways I can package signed apps? Should I sign them individually from the command line and then sign the setup exe file also from the command line? Will I miss anything if I do this?
Warm regards.
~ MUTHU
I tried with custom settings and passed the same arguments as I did in the command line, minus the filename. I got the same (misleading) error:
Code: Select all
SignTool Error: No certificates were found that met all the given criteria.I look forward to to a fix soon. In the meantime, are there any other ways I can package signed apps? Should I sign them individually from the command line and then sign the setup exe file also from the command line? Will I miss anything if I do this?
Warm regards.
~ MUTHU
Re: Code Signing with Sectigo USB token
Hello,
Using an external SignTool as a workaround appears to have resolved the issue:
We have further investigated this issue over email and in this particular case, the end-user had an ARM device, so he had to select the ARM version of SignTool that comes with the Windows SDK archive.
We're still investigating why the validation fails with the built-in support from Advanced Installer.
Let us know if you encountered this behavior and what was the fix that worked for you.
Best regards,
Dan
Using an external SignTool as a workaround appears to have resolved the issue:
- custom-signtool-arm.png (26.08 KiB) Viewed 1807 times
We have further investigated this issue over email and in this particular case, the end-user had an ARM device, so he had to select the ARM version of SignTool that comes with the Windows SDK archive.
We're still investigating why the validation fails with the built-in support from Advanced Installer.
Let us know if you encountered this behavior and what was the fix that worked for you.
Best regards,
Dan
Re: Code Signing with Sectigo USB token
Hello Dan,
Thank you for the continuous follow up. When I used the external signtool, it worked. I don't think it had to be an ARM64 version, but I have not tested with the external x64 binary. I've not had any problems running X64 binaries. I can test it for you if you want me to.
Thank you for the continuous follow up. When I used the external signtool, it worked. I don't think it had to be an ARM64 version, but I have not tested with the external x64 binary. I've not had any problems running X64 binaries. I can test it for you if you want me to.
Re: Code Signing with Sectigo USB token
Hello Dan,
I tried setting the x64 version of SignTool to sign the packing I am building in my Arm64 machine. I got back the error:
I switched back to the Arm64 version and the signing went through without problems. Just wanted to let you know.
I tried setting the x64 version of SignTool to sign the packing I am building in my Arm64 machine. I got back the error:
Code: Select all
'SignTool Error: No certificates were found that met all the given criteria.Re: Code Signing with Sectigo USB token
Hello,
Thank you for your followup on this!
We'll update this thread when we'll find more information on this.
Best regards,
Catalin
Thank you for your followup on this!
We'll update this thread when we'll find more information on this.
Best regards,
Catalin