1

Recently our company bought Thawte authenticode certificate. Now I'm trying to sign very simple hello-world .NET console application.

I use

signtool.exe signwizard

  1. choose my .exe
  2. choose certificate from file. I select .crt file. All info about cert is ok - there are attributes of our company
  3. then I'm suggested to choose private key. I've saved private key when I've generated Certificate Request file .csr.I select it - .key file. enter image description here
  4. Click Next and then goes error saying that "Certificate and private key don't match or contain invalid info"

I verified that my private key match certificate according to that post Verifying that a Private Key Matches a Certificate and all seems fine - modulus and public exponent are the same.

What am I doing wrong?

nikita
  • 2,535
  • 2
  • 16
  • 23

1 Answers1

2

I've managed to sign executable using generated .pfx file.

This is how .pfx is created from cert and private key - create pfx

Then I've used signtool -

signtool.exe sign /f your.pfx /p pfxpassword <exe.file>

And it was signed!

Again, it is with .pfx file which needs to be created first.

Community
  • 1
  • 1
nikita
  • 2,535
  • 2
  • 16
  • 23