VSIX Invalid Certificate

  • Question

  • I have a certificate with the full certification tree

    ROOT \ INTERMEDIATE \ MY COMPANY

    I need a certificate with all this tree for dlls, since the root was not always recognized.

    The command I execute is:

    vsixsigntool.exe sign /f <cert.pfx> /tr http://timestamp.comodoca.com/rfc3161 /fd sha256 /v /p <certpassword> <vsix file>

    This way I get a warning saying that the pfx contains 3 certificates:

    "VsixSignTool Error: Multiple certificates were found that meet all the given criteria. Use the /sha1 option with the hash of the desired certificate."

    So, I do what it says, I use the sha1 option this way:

    vsixsigntool.exe sign /f <cert.pfx> /tr http://timestamp.comodoca.com/rfc3161 /sha1 <hash> /fd sha256 /v /p <certpassword> <vsix file>

    The hash used is that of MY COMPANY; otherwise I get an error.

    The signing returns success:

    VsixSignTool Success: Package <vsix> was signed successfully.

    Number of files successfully Signed: 1
    Number of errors: 0

    Once I execute the VSIX, I have two behaviours.

    1. If I have the certificate installed on the machine, it returns valid Digital Signature.

    2. Any other machine I get "Invalid Certificate"

    I think that this happens due to the same behaviour that I had in the dlls, the root authority is not recognized.

    This leads me to think that VSIX can only be signed with certificates emitted by ROOT AUTHORITIES distributed with Windows.

    Is this a limitation? Or do I have any way to work around this?

    Thanks


    • Edited by P. Alves Wednesday, October 3, 2018 9:37 AM
    Wednesday, October 3, 2018 9:35 AM
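
An added example, not part of the original post: it lists the certificates inside the PFX with their thumbprints (the value `/sha1` expects) and reports whether the signing certificate chains to a root that the current machine trusts. The function name `Test-PfxChain` and the PFX path and password are assumptions.

```powershell
# Added diagnostic example; Test-PfxChain is a hypothetical helper name.
function Test-PfxChain {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,            # assumed: path to the PFX
        [Parameter(Mandatory)] [securestring] $PfxPassword   # assumed: PFX password
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'

    # Import() takes a plain string, so unwrap the SecureString in memory only.
    $plain = [System.Net.NetworkCredential]::new('', $PfxPassword).Password
    $certs = New-Object "$x509.X509Certificate2Collection"
    $certs.Import($PfxPath, $plain, [Enum]::Parse("$x509.X509KeyStorageFlags", 'DefaultKeySet'))

    # Every certificate in the PFX; the one with a private key is the signing cert.
    $certs | Select-Object Subject, Issuer, Thumbprint, HasPrivateKey | Format-List

    $leaf = $certs | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
    if (-not $leaf) { throw "No certificate with a private key found in $PfxPath" }

    # ExtraStore lets the chain builder find the intermediate and root from the
    # PFX, but it does not make the root trusted on this machine.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = [Enum]::Parse("$x509.X509RevocationMode", 'NoCheck')
    $chain.ChainPolicy.ExtraStore.AddRange($certs)
    $trusted = $chain.Build($leaf)

    # Chain as built on this machine, leaf first.
    $chain.ChainElements | ForEach-Object {
        '{0}  {1}' -f $_.Certificate.Thumbprint, $_.Certificate.Subject
    }

    # UntrustedRoot here means the root is not in this machine's trusted root store.
    [pscustomobject]@{
        SigningThumbprint = $leaf.Thumbprint
        ChainTrusted      = $trusted
        ChainStatus       = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Example call (prompts for the password):
# Test-PfxChain -PfxPath .\cert.pfx -PfxPassword (Read-Host -AsSecureString 'PFX password')
```

Running it on both the signing machine and a machine that shows "Invalid Certificate" makes it visible whether the two differ only in which root they trust.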