Unable to do EV code signing via an IIS server RRS feed

  • Question

  • I have an IIS server setup to do code signing. The client sends the file to the server; the server calls Microsoft's signtool.exe, signs the file and sends it back to the client. This process works well with a standard code signing certificate.

    I just purchased a Symantec EV certificate which comes on a USB token. I'm trying to get it working with the same setup, but signtool.exe returns the error "SignTool Error: No certificates were found that met all the given criteria.". I suspect this is an issue with IIS not being able to interact properly with the USB token device.

    If i run signtool.exe from the command-line, everything works fine. It just doesn't work when run via IIS. Is there any IIS configuration/permissions I'm missing?

    I'm using Windows Server 2012 and IIS 8.5.



    Friday, October 2, 2015 9:01 PM

All replies

  • Hello,

    We meet this issue also, it is the smart card(USB token) redirection problem.

    We had tried any methods that shared in the internet, but still cannot do smart card remote access.

    So far, we setup VNC to do server remote control, and open FTP service on Server 2012 to upload

    file to server.

    Just some reference for you,


    Monday, October 5, 2015 5:21 AM
  • Thanks for your reply Richard.

    You do an FTP upload and manually remote into the server to do the signing. Is that what you mean?


    Monday, October 5, 2015 3:31 PM
  • Yes, Vikram

    we use FTP to upload file to server,

    and use VNC Viewer to do remote control on server to sign digital signature.

    Hope it can offer some help for you,


    Tuesday, October 6, 2015 1:09 AM
  • We use a similar approach (FTP) but we're trying to fully automate the signing on the server so that it doesn't need any user interaction.


    Tuesday, October 6, 2015 1:17 AM