Incorrect cert used for signing script

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 4 years and 5 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
User avatar
JohnMoe
Posts: 20
Last visit: Wed Dec 02, 2020 11:45 pm

Incorrect cert used for signing script

Post by JohnMoe »

Product, version and build: SAPIEN PowerShell Studio 2019 Version 5.6.167
32 or 64 bit version of product: 64-bit
Operating system: Windows 10 1903 build 18362.295
32 or 64 bit OS: 64-bit

I've selected my code signing certificate in the Options dialog, but when I click the "Sign Script" button and check the signature, it appears PowerShell Studio is using a different certificate in my certificate store to sign the script. If I manually sign it using my certificate, Get-AuthenticodeSignature shows the correct cert.

01-options.png
01-options.png (70.52 KiB) Viewed 5379 times
02-AuthenticodeSignature-Wrong.png
02-AuthenticodeSignature-Wrong.png (44.94 KiB) Viewed 5379 times
03-AuthenticodeSignature-Correct.png
03-AuthenticodeSignature-Correct.png (46.58 KiB) Viewed 5379 times

Let me know if you need further info. Cheers,

John Moe
User avatar
Alexander Riedel
Posts: 8478
Last visit: Tue Mar 26, 2024 8:52 am
Answers: 19
Been upvoted: 37 times

Re: Incorrect cert used for signing script

Post by Alexander Riedel »

Please open the corresponding .psbuild file with a text editor and see if the PFXThumbPrint field has an entry.
Alexander Riedel
SAPIEN Technologies, Inc.
User avatar
brittneyr
Site Admin
Posts: 1654
Last visit: Wed Mar 27, 2024 1:54 pm
Answers: 39
Been upvoted: 30 times

Re: Incorrect cert used for signing script

Post by brittneyr »

Thank you for reporting this issue. I have been able to replicate this and have filed an internal bug report. When I have more information, I'll post here.
Brittney
SAPIEN Technologies, Inc.
User avatar
JohnMoe
Posts: 20
Last visit: Wed Dec 02, 2020 11:45 pm

Re: Incorrect cert used for signing script

Post by JohnMoe »

Hi Alexander,

Sorry, I'm not sure what you mean? I have a .ps1 file, and I sign it, which adds the signature as text to the bottom of the same .ps1 file? There's no other files involved? Unless this is a product config file, in which case, where do I find that?

Hi brittneyr,

Thanks for that, I look forward to hearing more. :-)

Cheers,

John Moe
User avatar
brittneyr
Site Admin
Posts: 1654
Last visit: Wed Mar 27, 2024 1:54 pm
Answers: 39
Been upvoted: 30 times

Re: Incorrect cert used for signing script

Post by brittneyr »

This issue has been resolved and will be in the next service release (5.6.168).
It is caused when there are certificates with the same common name (CN).
Brittney
SAPIEN Technologies, Inc.
User avatar
JohnMoe
Posts: 20
Last visit: Wed Dec 02, 2020 11:45 pm

Re: Incorrect cert used for signing script

Post by JohnMoe »

Hi brittneyr,

Thanks for the update and the info. I had a look at my certs, given your info about having the same CN, but unfortunately, I can't change either certificate that has that CN; one is from a vendor to communicate with them, and the other is already pushed out to every system in our domain, so my code is trusted. I'll just have to wait for the updated version and keep signing manually for now. :-)

I don't suppose you have any ETA on that release yet? Otherwise, I'll just keep an eye out for when PSP tells me an update is available.

Cheers,

John Moe
User avatar
brittneyr
Site Admin
Posts: 1654
Last visit: Wed Mar 27, 2024 1:54 pm
Answers: 39
Been upvoted: 30 times

Re: Incorrect cert used for signing script

Post by brittneyr »

Service build 5.6.168 has been released. Please let me know if this resolves your issue.

You may need to reset the certificate you want to sign with in options.
Brittney
SAPIEN Technologies, Inc.
User avatar
JohnMoe
Posts: 20
Last visit: Wed Dec 02, 2020 11:45 pm

Re: Incorrect cert used for signing script

Post by JohnMoe »

Hi Brittney,

Thanks for letting me know, I'll download it now and let you know how I go. :-)

Cheers,

John Moe
User avatar
JohnMoe
Posts: 20
Last visit: Wed Dec 02, 2020 11:45 pm

Re: Incorrect cert used for signing script

Post by JohnMoe »

Hi Brittney,

PowerShell Studio does indeed sign with the correct cert now. Thanks for your assistance. :-)

Cheers,

John Moe
This topic is 4 years and 5 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.