Home/ Questions/Q 770019
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T18:25:50+00:00

I posted this question and have a freshly minted code signing cert from Thawte.

  • 0

I posted this question and have a freshly minted code signing cert from Thawte.

I followed the instructions (or so I thought) and the code signing claims to succeed, however when I try to verify the tool shows an error.

The results from the verification step seem to show it is correct, however there is an error and no explanation whatsoever about why the error exists.

Any comments or suggestions are much appreciated.

Command line to sign exe:

signtool sign /f mdt.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll test.exe

Results:

The following certificate was selected:
    Issued to: [my company]

    Issued by: Thawte Code Signing CA

    Expires:   4/23/2011 7:59:59 PM

    SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601


Done Adding Additional Store


Attempting to sign: test.exe

Successfully signed and timestamped: test.exe


Number of files successfully Signed: 1

Number of warnings: 0

Number of errors: 0

Note that there are no errors or warnings.

Now, when I try to verify imagine my surprise:

signtool verify /v test.exe

results in:

Verifying: test.exe

SHA1 hash of file: 490BA0656517D3A322D19F432F1C6D40695CAD22
Signing Certificate Chain:
    Issued to: Thawte Premium Server CA

    Issued by: Thawte Premium Server CA

    Expires:   12/31/2020 7:59:59 PM

    SHA1 hash: 627F8D7827656399D27D7F9044C9FEB3F33EFA9A


        Issued to: Thawte Code Signing CA

        Issued by: Thawte Premium Server CA

        Expires:   8/5/2013 7:59:59 PM

        SHA1 hash: A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F


            Issued to: [my company]

            Issued by: Thawte Code Signing CA

            Expires:   4/23/2011 7:59:59 PM

            SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601


The signature is timestamped: 4/27/2010 10:19:19 AM

Timestamp Verified by:
    Issued to: Thawte Timestamping CA

    Issued by: Thawte Timestamping CA

    Expires:   12/31/2020 7:59:59 PM

    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656


        Issued to: VeriSign Time Stamping Services CA

        Issued by: Thawte Timestamping CA

        Expires:   12/3/2013 7:59:59 PM

        SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D


            Issued to: VeriSign Time Stamping Services Signer - G2

            Issued by: VeriSign Time Stamping Services CA

            Expires:   6/14/2012 7:59:59 PM

            SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE



Number of files successfully Verified: 0

Number of warnings: 0

Number of errors: 1
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try Signtool verify /v /pa foo.exe

    From Using SignTool to Verify a File Signature (emphasis is mine)

    SignTool verify MyControl.exe

    If the preceding example fails, it
    could be that the signature used a
    code-signing certificate    . SignTool
    defaults to the Windows driver policy
    for verification.

    The following command verifies the
    signature, using the default
    authentication verification policy:

    SignTool verify /pa MyControl.exe

    • 0