[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

SignTool Error with Windows 10

Posted on 2016-07-28
5
Medium Priority
?
452 Views
Last Modified: 2016-08-09
We author a Windows application (using Microsoft Visual Studio 2008).  We sign the .exe (and other components) with SignTool.exe.  This works fine on a Windows 7 computer.  On a Windows 10 computer we get the message:

SignTool Error: ISignedCode::Sign returned error: 0x80880253
The signer's certificate is not valid for signing.

The batch file includes:
"C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\SignTool.exe" sign /f "C:\elevate\CodeSigning\[certificate name].pfx" /p "[certificate password]" /v /t http://timestamp.comodoca.com/authenticode "[application name]"

Thanks in advance for your help.
0
Comment
Question by:richardpeters
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 56

Accepted Solution

by:
Joe Winograd, EE MVE 2015&2016 earned 2000 total points
ID: 41733422
I'm guessing that the problem is that the signtool.exe in your Visual Studio 2008 doesn't support code signing in W10. Install Visual Studio 2015 to get the latest signtool.exe, which supports W10. You don't have to switch to using VS2015 — just get the signtool.exe file from it (that's what I did). It will probably get installed in a Windows Kits subfolder of Program Files, but I just copied it to where I do my code-signing.

Also, while you're at it, you should change your code signing to use SHA2 (SHA256), since Microsoft has deprecated SHA1 code signing. You'll need to get Comodo to reissue your cert for SHA256 (Symantec/VeriSign reissued mine at no charge — Comodo will likely do the same). I changed my process to sign both SHA1 and SHA256, but note that the order of signing is important. You want to sign with SHA256 last so that if the user views the cert at the UAC prompt, SHA256 will appear at the top of the Details tab. That is, you want it to look like this:

sha256
Not this:

sha1
Regards, Joe
0
 

Author Comment

by:richardpeters
ID: 41734848
Joe
Thank you for your suggestions.  I have asked Comodo to re-issue the certificate and will let you know how I get on.  I am our of the office next week, so if my update is delayed, my appologies in advance.  I really apprecitate you input!
Regards
Richard
0
 
LVL 56

Expert Comment

by:Joe Winograd, EE MVE 2015&2016
ID: 41734877
Hi Richard,
No worries on the delay. Safe travels! Regards, Joe
0
 
LVL 5

Expert Comment

by:Nadir ALTINBAS
ID: 41740536
there is a hash algorithm clashes.if you delete older one SHA and newer version upload the problem will not occur
0
 

Author Closing Comment

by:richardpeters
ID: 41748696
It took a while, but once I got Comodo to re-issue the certificate it all worked.  Thank you!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question