none
SignTool Error: No certificates were found that met all the given criteria

    Question

  • I'm using signtool to sign an exe file as following commands:

     

    C:\Keys>Signtool sign /v /s MY /n application.pfx /t http://timestamp.verisign.com/scripts/timstamp.dll application.exe
    SignTool Error: No certificates were found that met all the given criteria.
    
    C:\Keys>Signtool sign /v /f application.pfx /p password application.exe
    SignTool Error: No certificates were found that met all the given criteria.
    
    C:\Keys>signtool sign /a application.exe
    SignTool Error: No certificates were found that met all the given criteria.
    
    
    application.pfx is official file from Veri Sign organization, and I imported it into Persional Certificates as well as Trusted Root Certification Authorities of Local Computer and Current User.

     

    I also tried to sign by using signwizard, it's success but after verify the error occured

    C:\Keys>signtool verify application.exe
    SignTool Error: The signing certificate is not valid for the requested usage.
        This error sometimes means that you are using the wrong verification
        policy. Consider using the /pa option.
    SignTool Error: File not valid: application.exe
    How to solve this error?

    I also referenced to other link but still cannot solve.

    http://social.msdn.microsoft.com/Forums/en/winformssetup/thread/1261217f-7d8f-4290-a7c9-88e864f5d7b4

    http://msdn.microsoft.com/en-us/library/aa388170

    http://blogs.msdn.com/b/winsdk/archive/2009/11/13/steps-to-sign-a-file-using-signtool-exe.aspx

    Please help.

     

    Thank you

    Monday, June 20, 2011 7:36 AM

Answers

  • Hi pbtnhan,

    Yep, the links you've provided is not clear on how to use the SignTool.exe.

    Here is the detailed specifications on how to use the SignTool.exe:

    SignTool.exe (Sign Tool):
    http://msdn.microsoft.com/en-us/library/8s9b9yaz.aspx

    You can't verify the application since you failed to sign the application.

    The examples in the link above will show you the way to sign your application. And you should make sure that whether the signatures has paswords or not. And whether the time-stamps files is correct or not.

    If you have any questions, please feel free to tell us.

    Best Regards 


    Neddy Ren [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by pbtnhan Monday, June 27, 2011 3:51 AM
    Wednesday, June 22, 2011 6:51 AM
  • Actually there is a problem with pfx file and luckily it was fixed.

    Thank you for your supporting

    • Marked as answer by pbtnhan Monday, June 27, 2011 4:32 AM
    Monday, June 27, 2011 4:32 AM

All replies

  • Is it a code signing certificate? Perhaps it has a different type.

    Also, did you import it by double-clicking the PFX file in Windows Explorer?


    Cosmin Pirvu
    • Proposed as answer by Ran_619 Friday, July 19, 2013 8:44 AM
    • Unproposed as answer by Ran_619 Friday, July 19, 2013 8:44 AM
    • Proposed as answer by Ran_619 Friday, July 19, 2013 8:44 AM
    Tuesday, June 21, 2011 1:07 PM
  • Hi pbtnhan,

    Yep, the links you've provided is not clear on how to use the SignTool.exe.

    Here is the detailed specifications on how to use the SignTool.exe:

    SignTool.exe (Sign Tool):
    http://msdn.microsoft.com/en-us/library/8s9b9yaz.aspx

    You can't verify the application since you failed to sign the application.

    The examples in the link above will show you the way to sign your application. And you should make sure that whether the signatures has paswords or not. And whether the time-stamps files is correct or not.

    If you have any questions, please feel free to tell us.

    Best Regards 


    Neddy Ren [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by pbtnhan Monday, June 27, 2011 3:51 AM
    Wednesday, June 22, 2011 6:51 AM
  • Actually there is a problem with pfx file and luckily it was fixed.

    Thank you for your supporting

    • Marked as answer by pbtnhan Monday, June 27, 2011 4:32 AM
    Monday, June 27, 2011 4:32 AM
  • Congratulations to you and thank you for sharing your solutions here.

    If you have any questions, please feel free to tell us.

    Best Regards


    Neddy Ren [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, June 27, 2011 7:40 AM
  • I am new to this, but I have a similar problem trying to use signtool to signs device driver package.

    I follow the procedure shown at:

    http://technet.microsoft.com/en-us/library/dd919238%28v=ws.10%29.aspx

    At the end I typed this command:

    SignTool sign /s MyCompanyCertStore /n “MyCompany – for test use only” /t http://timestamp.verisign.com/scripts/timestamp.dll
             MyDriver.cat

    I got the same Signtool error: No certificates were found that met all the given criteria. This is a little different from the error that pbtnhan encountered earlier. I also wonder where pbtnhan got the fileapplication.pfx from?

    Tuesday, June 12, 2012 11:36 AM