OiO.lk Community platform!

Oio.lk is an excellent forum for developers, providing a wide range of resources, discussions, and support for those in the developer community. Join oio.lk today to connect with like-minded professionals, share insights, and stay updated on the latest trends and technologies in the development field.
  You need to log in or register to access the solved answers to this problem.
  • You have reached the maximum number of guest views allowed
  • Please register below to remove this limitation

Sign Tool for Azure Trusted Service Account Error information: "Error: SignerSign() failed." (-2147467259/0x80004005)

  • Thread starter Thread starter eric-v
  • Start date Start date
E

eric-v

Guest
I'm getting this error when trying to use SignTool to sign my msix file.

I've verified I have Trusted Signing Certificate Profile Signer role assigned in Azure.

I also verified the publisher name of the AppxManifest.xml in the msix matches my certificate profile.

CN=Publisher Name, O=Organization Name, L=City, S=Province, C=CA

Following this procedure https://learn.microsoft.com/en-us/azure/trusted-signing/how-to-signing-integrations

& "C:\temp\test\microsoft.windows.sdk.buildtools.10.0.22621.3233.nupkg\bin\10.0.22621.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\temp\test\microsoft.trusted.signing.client.1.0.53.nupkg\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "C:\temp\test\metadata.json" "C:\temp\test\my-app_1.0.128.0_x64.msix"

Trusted Signing

Version: 1.0.53

"Metadata": {

"Endpoint": "https://wus2.codesigning.azure.net",

"CodeSigningAccountName": "",

"CertificateProfileName": "",

"CorrelationId": "",

"ExcludeCredentials": []

}

Submitting digest for signing...

Unhandled managed exception

Azure.RequestFailedException: Service request failed.

Status: 403 (Forbidden)

Headers:

Date: Fri, 10 May 2024 21:09:50 GMT

Connection: keep-alive

Strict-Transport-Security: REDACTED

x-azure-ref: REDACTED

X-Cache: REDACTED

Content-Length: 0

at Azure.CodeSigning.CertificateProfileRestClient.SignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)

at Azure.CodeSigning.CertificateProfileClient.StartSignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)

at Azure.CodeSigning.Dlib.Core.DigestSigner.SignAsync(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle, CancellationToken cancellationToken)

at Azure.CodeSigning.Dlib.Core.DigestSigner.Sign(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle)

at AuthenticodeDigestSignExWithFileHandleManaged(_CRYPTOAPI_BLOB* pMetadataBlob, UInt32 digestAlgId, Byte* pbToBeSignedDigest, UInt32 cbToBeSignedDigest, Void* hFile, _CRYPTOAPI_BLOB* pSignedDigest, _CERT_CONTEXT** ppSignerCert, Void* hCertChainStore)

SignTool Error: An unexpected internal error has occurred.

Error information: "Error: SignerSign() failed." (-2147467259/0x80004005)
<p>I'm getting this error when trying to use SignTool to sign my msix file.</p>
<p>I've verified I have Trusted Signing Certificate Profile Signer role assigned in Azure.</p>
<p>I also verified the publisher name of the AppxManifest.xml in the msix matches my certificate profile.</p>
<p>CN=Publisher Name, O=Organization Name, L=City, S=Province, C=CA</p>
<p>Following this procedure
<a href="https://learn.microsoft.com/en-us/azure/trusted-signing/how-to-signing-integrations" rel="nofollow noreferrer">https://learn.microsoft.com/en-us/azure/trusted-signing/how-to-signing-integrations</a></p>
<p>& "C:\temp\test\microsoft.windows.sdk.buildtools.10.0.22621.3233.nupkg\bin\10.0.22621.0\x64\signtool.exe" sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\temp\test\microsoft.trusted.signing.client.1.0.53.nupkg\bin\x64\Azure.CodeSigning.Dlib.dll" /dmdf "C:\temp\test\metadata.json" "C:\temp\test\my-app_1.0.128.0_x64.msix"</p>
<p>Trusted Signing</p>
<p>Version: 1.0.53</p>
<p>"Metadata": {</p>
<p>"Endpoint": "https://wus2.codesigning.azure.net",</p>
<p>"CodeSigningAccountName": "",</p>
<p>"CertificateProfileName": "",</p>
<p>"CorrelationId": "",</p>
<p>"ExcludeCredentials": []</p>
<p>}</p>
<p>Submitting digest for signing...</p>
<p>Unhandled managed exception</p>
<p>Azure.RequestFailedException: Service request failed.</p>
<p>Status: 403 (Forbidden)</p>
<p>Headers:</p>
<p>Date: Fri, 10 May 2024 21:09:50 GMT</p>
<p>Connection: keep-alive</p>
<p>Strict-Transport-Security: REDACTED</p>
<p>x-azure-ref: REDACTED</p>
<p>X-Cache: REDACTED</p>
<p>Content-Length: 0</p>
<p>at Azure.CodeSigning.CertificateProfileRestClient.SignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)</p>
<p>at Azure.CodeSigning.CertificateProfileClient.StartSignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)</p>
<p>at Azure.CodeSigning.Dlib.Core.DigestSigner.SignAsync(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle, CancellationToken cancellationToken)</p>
<p>at Azure.CodeSigning.Dlib.Core.DigestSigner.Sign(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle)</p>
<p>at AuthenticodeDigestSignExWithFileHandleManaged(_CRYPTOAPI_BLOB* pMetadataBlob, UInt32 digestAlgId, Byte* pbToBeSignedDigest, UInt32 cbToBeSignedDigest, Void* hFile, _CRYPTOAPI_BLOB* pSignedDigest, _CERT_CONTEXT** ppSignerCert, Void* hCertChainStore)</p>
<p>SignTool Error: An unexpected internal error has occurred.</p>
<p>Error information: "Error: SignerSign() failed." (-2147467259/0x80004005)</p>
Continue reading...
 

Latest posts

A
Replies
0
Views
1
Alvah_Franey
A
H
Replies
0
Views
1
habrewning
H
Top