the signing certificate and private key do not match or do not contain valid information

0
votes

i am working a setup project and i want to sign my "setup.exe" file.

For this issue, i have;

  • A "setup.exe" file
  • A "aaa.pfx" file (Also i am using this pfx file as my site ssl certificate.)

Firstly,

i converted pfx file to crt and pvk above command.

  • Export private key: openssl pkcs12 -in filename.pfx -nocerts -out key.pvk
  • Export certificate: openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.crt

And I am using windows signwizard tool for signing,

Steps:

  • I selected my "setup.exe" file
  • I selected my "cert.crt"
  • I selected "key.pvk" And this get an error like picture;

enter image description here

Any suggestions?

2
opensslinstallationsetup-deploymentsignsigntool

2 Answers

0
votes

Have you tried something like:

1.
openssl sha256 -out digest.txt setup.exe
2.
openssl dgst -sha256 -sign key.pvk -out signed_setup.exe digest.txt
0
votes

You say you use the same PFX (which is a PKCS#12 equivalent) for your SSL site certificate.

That is the problem: you cannot use such a certificate which type is TLS Web Server Authentication, TLS Web Client Authentication to sign code like a setup.exe

When reading the exported certificate with

openssl x509 -in cert.crt -text

You have to look for X509v3 Extended Key Usage: line.

To sign code, it must be: Code Signing, Microsoft Commercial Code Signing, it is a different service and a different price for certificate authority providers !