Code Signing Issues

ExeOutput for PHP
1

Over the past month have had issues using the built-in code signing utility. Just have not had the time to deal with it and have been using the “DigiCert Certificate Utility for Windows” software to sign.

DigiCert Certificate Utility for Windows works without issues or failure every time. It uses the exact same time stamp URL (http://timestamp.digicert.com) as built-in code sign utility of exeout.

When using the built-in code utility of exeout, both SHA1 and SHA256 will fail:

image
image977×392 52.1 KB

Turn right around and recompile and then SHA256 fails:

image
image977×392 51.7 KB

Did not have this issue up until first of August.

So, any ideas why this is happening?

Would have preferred to handle this through private support, but no answer to last contact so posting here…

2

This error means “The process cannot access the file because it is being used by another process”. Are you using some antivirus or security application that could access the EXE file while being signed?

3

Hi I dont know if this can help anything here; I went through and purchased a code signing certificate from Comodo and installed it into a latest version exe4php compiled application that randomly reads and writes to windows special folders and it works perfectly, what i’m saying is that you can reasure your self that the compilation is working ok it has to be something in the parameters. The code signer will only code one signature not dual in windows 7 but will sign dual signatures in win 8 above. if that helps any…

4

Nothing has changed on my system since I started using V1 other than the standard window 10 updates.

Been using the dual sign with the same certificate (bought a 3 yr one) for two years without issue.

Will just use the external code sign utility.

Thank you @RobDwi for the input, much appreciated.

5

I should have said that I use win7 pro, I’ve just done another compilation, all works well.

6

Another question: is your certificate still valid?

7

Yes, of course the certificate is still valid. I use it with a code signing utility without issues to sign all different kinds of software. just used it this morning to dual sign a exeout EXE.

8

Last idea: could you try the default timestamp server that comes with ExeOutput?

9

I changed to http://sha256timestamp.ws.symantec.com/sha256/timestamp in environment options (second field) and seems to be back working for dual signing.

Maybe all this is null since got notice yesterday school district will no longer require SHA1 next month:)

Thanks for the input and help.