![]() ![]() Valid organization-wide: if the laptop is joined to a company's Active Directory (not Azure AD) domain, and if the company has AD Certificate Services available, try requesting one from there via certmgr.msc → Personal → All Tasks → Request New Certificate. You don't need the more expensive "EV Code Signing" variant in this case, just the regular (but still expensive) non-EV one. Valid world-wide: buy one from a certificate authority (check the usual places that sell TLS/HTTPS certificates). If you do not have a code-signing certificate, there are 3 ways to obtain one: v to make signtool more talkative about what it does. tr /td SHA256 to attach a timestamp that allows the signature to remain valid even after your code-signing certificate expires. (This is assuming you have a code-signing certificate installed in certmgr.msc – if you don't, then you cannot sign things.) a to make signtool auto-select a code-signing certificate. In your case, "C:\…\context.exe" is indeed not a valid algorithm name. > signtool sign /fd $certificate.getcerthashstring() $(where.exe context)Īs you can see, I'm still getting the same error, but it looks like New-SelfSignedCertificate is successfully generating a digital certificate with a hash string I can apparently use.Īlthough not shown in signtool's help text, the /fd option actually takes a hash algorithm name, e.g. > -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" ` EDITīased on answer, and the provided examples I did the following in powershell: > $certificate = New-SelfSignedCertificate -CertStoreLocation cert:\currentuser\my ` How can I sign the file without signtool throwing such an error? I've seen some stuff about certreq but I'm not sure if that's the way to go. SignTool Error: The specified algorithm cannot be used or is invalid. Signtool sign /fd C:\context\tex\texmf-win64\bin\context.exe ![]() I installed the Windows Software Development Kit with signtool and tried the following command: I would like to sign this program such that symantec does not pick it up as a security risk. The laptop has symantec endpoint protection installed and when I try to run the context executable from the command line Symantec Endpoint Protection opens with this window:Īs it turns out, I can simply allow the file and the executable works as expected. ![]() I recently installed context on a laptop for which I do not control the security policy. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |