none
Unable to sign the package with HLK RRS feed

  • Question

  • Hi All,

    I'm trying to sign a package with WHLK to complete the certification process, but I'm getting an error message.

    I'm using a Symantec digital certificate (a Symantec Code Signing Certificates for Microsoft Authenticode with SHA256 hash algorithm).
    Before to create the package I imported the pfx file on server machine, by double-clicking on the pfx file and following the default options. After the import I can see my certificate in Personal folder.

    CASE 1
    Even if I imported the certificate, when I select the "Use the certificate store" option, no certificate is available.

    CASE 2
    If I select the "Use a certificate file" option, if I try to select the pfx file I have the error "Unable to sign package. The specified network password is not correct." (same event error message).
    If I try to select the cer file, tha package was created but, at the end, the HLK shows the error "Unable to use the selected certificate to sign the package". The event error message is "Could not create submissiobn package - Cannot locate the selected digital certificate."

    I'm using WHLK 10.1.10586.0 on server machine with Server 2012 R2 Enterprise edition.
    Client machine has Windows 10 64bit Enterprise (updated).


    Where am I going wrong?

    Thanks for any help
    Wednesday, February 17, 2016 11:03 AM

Answers

  • Please connect the HLK Server to the internet and then install the certificates. It is required to register the installed certificates. Registration of certificate may take some time so please wait for couple of minutes.

    Once it is done you can choose the "User Certificate store" option to sign the package.


    • Edited by Arpo Adhikari Monday, February 22, 2016 2:42 PM
    • Marked as answer by RFrati Monday, February 22, 2016 4:18 PM
    Monday, February 22, 2016 2:41 PM

All replies

  • UPDATE

    From HLK Getting Started Guide I see this:

    "Starting with Windows 10, you must also include an EV (extended validation) code signing certificate."

    Anyone knowns if this could be the reason of my trouble?

    Thanks

    Thursday, February 18, 2016 10:43 AM
  • Is your HLK server is connected to internet while installing the certificate ?
    Monday, February 22, 2016 1:19 PM
  • No, it is in a workgroup with the client machine.

    Monday, February 22, 2016 1:21 PM
  • Please connect the HLK Server to the internet and then install the certificates. It is required to register the installed certificates. Registration of certificate may take some time so please wait for couple of minutes.

    Once it is done you can choose the "User Certificate store" option to sign the package.


    • Edited by Arpo Adhikari Monday, February 22, 2016 2:42 PM
    • Marked as answer by RFrati Monday, February 22, 2016 4:18 PM
    Monday, February 22, 2016 2:41 PM
  • Thank you mery much!! Now I can use our standard certificate.

    Do you know where can I find the documentation about this?

    Monday, February 22, 2016 3:15 PM
  • Good to hear that it helped you, but I don't know if there is any documentation specific to this.
    Monday, February 22, 2016 4:17 PM
  • i am also facing the similar issue and my server is connected to internet. any other things i need to look at
    Wednesday, March 1, 2017 1:26 PM
  • What would I do in the case where I am running a stand alone sutdio to sign my HLKX generated on my test infrastructure?  All of our signing must be done in an isolated area for security purposes.  Do I need to install a 2nd HLK Controller there?
    Friday, February 16, 2018 4:50 PM
  • Have you tried to use the "Use a certificate file" option?
    Monday, February 19, 2018 8:11 AM
  • Interesting.  So, the cert needs to register via HLK with microsoft?  Can't I do that via the Microsofts' site? https://developer.microsoft.com/en-us/windows/hardware

    I use an HSM and didn't plan to place that on the system orchestrating the test.  Is it OK for me to generate an unsigned package on my HLK controller, migrate it over to a stand alone Studio and sign it there?

    Wednesday, February 21, 2018 8:46 PM
  • Yes, none my certs are accepted.  I have a sha256 from an authority and I use this for cross signing signing my drivers.  I tried a new self signed cert and that wasn't an option via studio either.
    Wednesday, February 21, 2018 8:48 PM