Digital Signing Error - Code 0xC0000225

Hi team - trying to digitally sign an .exe file from XLS Padlock 2021.1.

I have a current EV certificate just purchased from Sectigo, have ‘installed’ it on the computer, the license appears active in SafeNet.

On the Distribute EXE tab, I have “Certificate Thumbprint” selected (I only have a .cer file, not a .pfx file), correct Thumbprint address, running SHA256 only, but when I select “Sign EXE File Now” I get an error. The compilation log says Signing Error - Code 0xC0000225.

Please help. I’ve spent eight hours on this today and would love nothing but to get this code-signing certificate to work.

EV certificates may be more complicate to configure. Can you check the solution here?

Please forgive my lack of understanding - but that solution is specific to, correct?

I’m using SafeNet as Sectigo recommended. I’ve looked through all settings in SafeNet and cannot find anything similar to this setting to replace CSP with minidriver library.

Also, I downloaded proCertum CardManager and in their current version ( as of this writing), this setting in Options is no longer available:

Can you try the instructions here?

Batch Signing Files

If you want to batch sign your files, you need to enable single logon for the SafeNet Token. Once single logon is enabled and you have logged into the Token, you can batch sign your files, enabling you to enter your password only once per user session.

How to Enable Single Logon for a SafeNet Token

  1. Open SafeNet Authentication Client Tools. Navigate to Start > Program Files > Safenet > Safenet Authentication Client Tools.
  2. Click the Advanced View icon (gold gear).
  3. In the menu tree in the left pane, select Client Settings.
  4. In the right pane, select the Advanced tab.
  5. On the Advanced tab, select the Enable single logon option.
  6. Click Save.
  7. To activate the single logon feature, log off from the computer and log on again.

I followed these instructions and installed Windows SDK and I can see the certificate in the certmgr. The recommended Sectigo/SafeNet approach is what I’m trying to complete, so the DigiCert timestamp specifics I believe don’t apply here, correct?

As of now I am able to sign SHA1, but not SHA56. I get the same error code 0XC0000225 when trying to do the SHA56.

I did “Enable single logon” in SafeNet settings as well.

Since you installed the Windows SDK, can you try to sign your EXE file with signtool. Thus, we know that your certificate works with signtool.