1
我正在使用SignTool
和数字证书来签署dll。Signtool使用调试选项的输出
对dll的签名是我构建过程的一个步骤。我使用的MSBuild建立我的应用程序,所以它是Target
之一,并使用Exec Command
签署的dll如下 -
<Exec Command = "signtool sign /a /v /sha1 $(SHA1) $(binPath)\app.exe" />
where $(SHA) is the hash of the certificate
$(binPath) is the path of the binaries
现在,这并不签署的DLL,并给了我一个错误,说明
SignTool Error: No certificates were found that met all the given criteria.
我根据这个post
试图debug
选项,我得到了下面的输出
21:00:06,920 INFO - The following certificates were considered:
21:00:06,923 INFO - Issued to: <Issued to company name>
21:00:06,923 INFO -
21:00:06,923 INFO - Issued by: <Issued by company name>
21:00:06,923 INFO -
21:00:06,924 INFO - Expires: Mon Nov 28 05:29:59 2016
21:00:06,924 INFO -
21:00:06,924 INFO - SHA1 hash: D5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxDA
21:00:06,924 INFO -
21:00:06,924 INFO -
21:00:06,924 INFO - Issued to: <Issued to company name>
21:00:06,924 INFO -
21:00:06,924 INFO - Issued by: <Issued by company name>
21:00:06,924 INFO -
21:00:06,924 INFO - Expires: Sun Dec 10 05:29:59 2023
21:00:06,924 INFO -
21:00:06,924 INFO - SHA1 hash: D0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBC
21:00:06,924 INFO -
21:00:06,924 INFO -
21:00:06,925 INFO - Issued to: <Issued to company name>
21:00:06,925 INFO -
21:00:06,925 INFO - Issued by: <Issued by company name>
21:00:06,925 INFO -
21:00:06,925 INFO - Expires: Thu Jul 17 05:29:59 2036
21:00:06,925 INFO -
21:00:06,925 INFO - SHA1 hash: 91xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx81
21:00:06,925 INFO -
21:00:06,925 INFO -
21:00:06,925 INFO - After EKU filter, 3 certs were left.
21:00:06,925 INFO - After expiry filter, 2 certs were left.
21:00:06,925 INFO - After Hash filter, 0 certs were left.
21:00:06,925 INFO - After Private Key filter, 0 certs were left.
21:00:06,925 INFO - SignTool Error: No certificates were found that met all the given criteria.
得到这个输出后,我不知道该如何继续。
但是还有一个观察,
SignTool
成功签署DLL时,它是通过命令提示符下运行的。
现在这是以上的事情让我疯了。
请求帮助。
你传入了哪个SHA1哈希值?你确实意识到你的第一张证书在昨天过期了。 – selbie
@selbie:我正在使用我们获得的新证书的SHA1值,并且我确实意识到它已过期,这是有效的。 –