I’m trying to do code signing using SignTool. It seems to be some permission issues connected to this. Do the user need some extra permissions to be able to use signtool? Any suggestions on how to solve this issue? It works using the certificate on two distinct computers, so my guess is that related to the current travis windows user configuration, or am I wrong?
C:\Users\travis\.cache\electron-builder\winCodeSign\winCodeSign-2.4.0\windows-10\x64\signtool.exe sign /t http://timestamp.verisign.com/scripts/timstamp.dll /f C:\Users\travis\AppData\Local\Temp\t-1GW6GP\0.p12 /d My App /du http://./ /p 64fe8a784f3a874213c3731744fb939fba7f8f784976f649f20298cb951e9834 (sha256 hash) /debug C:\Users\travis\build\xxx\my-app\dist\win-unpacked\My App.exe
I get the following error:
SignTool Error: An unexpected internal error has occurred. Error information: "Error: Store::ImportCertObject() failed." (-2146893808/0x80090010)
I ran the same dist command using powershell and got a bit further.
SignTool Error: No certificates were found that met all the given criteria. The following certificates were considered: Issued to: My company Issued by: COMODO RSA Code Signing CA Expires: Sat Dec 05 23:59:59 2020 SHA1 hash: <sha hash> Issued to: COMODO RSA Certification Authority Issued by: AddTrust External CA Root Expires: Sat May 30 10:48:38 2020 SHA1 hash: <sha hash> Issued to: COMODO RSA Code Signing CA Issued by: COMODO RSA Certification Authority Expires: Mon May 08 23:59:59 2028 SHA1 hash: <sha hash> After EKU filter, 3 certs were left. After expiry filter, 3 certs were left. After Private Key filter, 0 certs were left. SignTool Error: No certificates were found that met all the given criteria.
I’ve read somewhere that this issue can be caused by not running signtool.exe in elevated mode.
Is there a way to run commands in elevated mode at the moment?