Digital Signing Error - Code 0xC0000225

Hi team - trying to digitally sign an .exe file from XLS Padlock 2021.1.

I have a current EV certificate just purchased from Sectigo, have ‘installed’ it on the computer, the license appears active in SafeNet.

On the Distribute EXE tab, I have “Certificate Thumbprint” selected (I only have a .cer file, not a .pfx file), correct Thumbprint address, running SHA256 only, but when I select “Sign EXE File Now” I get an error. The compilation log says Signing Error - Code 0xC0000225.

Please help. I’ve spent eight hours on this today and would love nothing but to get this code-signing certificate to work.

EV certificates may be more complicated to configure. Can you check the solution here? https://stackoverflow.com/a/58924038

Please forgive my lack of understanding - but that solution is specific to Certum.pl, correct?

I’m using SafeNet as Sectigo recommended. I’ve looked through all settings in SafeNet and cannot find anything similar to this Certum.pl setting to replace CSP with minidriver library.

Also, I downloaded proCertum CardManager and in their current version (3.5.1.182 as of this writing), this setting in Options is no longer available:

Can you try the instructions here?
https://www.digicert.com/kb/code-signing/ev-authenticode-certificates.htm

Batch Signing Files

If you want to batch sign your files, you need to enable single logon for the SafeNet Token. Once single logon is enabled and you have logged into the Token, you can batch sign your files, enabling you to enter your password only once per user session.

How to Enable Single Logon for a SafeNet Token

  1. Open SafeNet Authentication Client Tools. Navigate to Start > Program Files > Safenet > Safenet Authentication Client Tools.
  2. Click the Advanced View icon (gold gear).
  3. In the menu tree in the left pane, select Client Settings.
  4. In the right pane, select the Advanced tab.
  5. On the Advanced tab, select the Enable single logon option.
  6. Click Save.
  7. To activate the single logon feature, log off from the computer and log on again.

I followed these instructions and installed Windows SDK and I can see the certificate in the certmgr. The recommended Sectigo/SafeNet approach is what I’m trying to complete, so the DigiCert timestamp specifics I believe don’t apply here, correct?

As of now I am able to sign SHA1, but not SHA256. I get the same error code 0xC0000225 when trying to do the SHA256.

I did “Enable single logon” in SafeNet settings as well.

Since you installed the Windows SDK, can you try to sign your EXE file with signtool? Then we will know whether your certificate works with signtool.
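
The signtool check suggested above, as an added example that is not part of the original thread or XLS Padlock's own code: a PowerShell script that signs throwaway copies of the EXE with SHA-1 and SHA-256 file digests, selecting the certificate by thumbprint, so the two results can be compared outside XLS Padlock. The parameter names, temp-file names and the assumption that signtool.exe from the Windows SDK is on PATH are illustrative.

```powershell
# Added example: compare SHA-1 and SHA-256 signing with signtool, outside XLS Padlock.
# Assumptions: signtool.exe (Windows SDK) is on PATH; the token is plugged in.
param(
    [Parameter(Mandatory)][string]$Thumbprint,   # as shown in certmgr
    [Parameter(Mandatory)][string]$ExePath       # the EXE built by XLS Padlock
)

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character; keep only the hex digits.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumb.Length -ne 40) {
    throw "Expected 40 hex digits in the thumbprint, got $($thumb.Length)."
}

# With only a .cer file, the private key stays on the token. The store entry
# must still be linked to it, otherwise signing by thumbprint cannot work.
$cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "No certificate with thumbprint $thumb in CurrentUser\My." }
if (-not $cert.HasPrivateKey) {
    throw "Certificate found, but the store has no private key link for it."
}
"Using: $($cert.Subject) (expires $($cert.NotAfter))"

$results = foreach ($alg in 'sha1', 'sha256') {
    # Sign a copy so each digest algorithm is tested on an unsigned file.
    $copy = Join-Path $env:TEMP ("signtest-$alg-" + (Split-Path $ExePath -Leaf))
    Copy-Item -LiteralPath $ExePath -Destination $copy -Force

    # /sha1 selects the certificate by thumbprint; /fd sets the file digest.
    # No timestamp is requested: this is a test signature only.
    & signtool.exe sign /v /sha1 $thumb /fd $alg $copy | Out-Host
    $signExit = $LASTEXITCODE

    $verifyExit = $null
    if ($signExit -eq 0) {
        # /pa verifies against the default Authenticode policy.
        & signtool.exe verify /pa /v $copy | Out-Host
        $verifyExit = $LASTEXITCODE
    }
    [pscustomobject]@{
        Digest = $alg; SignExit = $signExit; VerifyExit = $verifyExit; File = $copy
    }
}
$results | Format-Table -AutoSize
```

If the SHA-256 row fails here as well, the problem lies with the token or certificate setup rather than with XLS Padlock; if both rows succeed, the same thumbprint and digest settings can be compared against what is entered on the Distribute EXE tab.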