Page 1 of 1
Code Signing Cert not selectable after upgrade
Posted: Fri May 14, 2021 10:26 am
by EnergySmithe
Upgraded from Powershell Studio 2020 to 2021:
Product: PowerShell Studio 2021 (64 Bit)
Build: v5.8.188
OS: Windows 10 Enterprise (64 Bit)
Build: v10.0.18363.0
File->Options->Powershell-> Certificate in Local Store - click button to "Open your Certificate Store to view installed certificates"
Get this message:
"Windows Security
Powershell Studio.exe
No certificate available
No certificates meet the application criteria.
Click ok to continue"
Click OK - nothing happens.
This was working immediately before I updated from 2020 to 2021. Nothing changed other than that update. I validate the cert is in the same place. mmc shows cert still exists and is valid for another year.
Did the "application criteria" or location where the certs need to be installed change?
Please help.
Re: Code Signing Cert not selectable after upgrade
Posted: Fri May 14, 2021 1:25 pm
by EnergySmithe
Ok - Fine.
1) Removed existing code signing certs from everywhere (Localhost and the user)
2) Got new brand new code signing cert issued and installed for the user only
3) Cert now appears and can be selected
4) Attempt to Deploy Package to EXE and get "Signing with certificate failed : ASN1 bad tag value met."
5) Try using the old cert to sign in Visual Studio 2019. Works
6) Try using the new cert to sign in Visual Studio 2019. Works
7) Try manually signing using the new cert with powershell after compiling:
Code: Select all
Set-AuthenticodeSignature -FilePath .\bin\x64\mytest.exe -Certificate (Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert) -TimestampServer "http://timestamp.globalsign.com/scripts/timstamp.dll/?signature=sha2"
... That WORKS. Try re-selecting the new cert in the package manager signing section, save and package. Fails with "ASN1 bad tag value met."
I guess I have a workaround, but I would really like to know what options your passing to get the "ASN1 bad tag value met" for BOTH the old and new certs.
Re: Code Signing Cert not selectable after upgrade
Posted: Fri May 14, 2021 2:47 pm
by brittneyr
From your original post, that appears to be a Windows error about what certificates are appearing available in your certificate store.
Certificate store is a Windows dialog, it is not something we have control over. The following links might be helpful:
https://docs.microsoft.com/en-us/answer ... teria.html
https://social.msdn.microsoft.com/Forum ... pps&ppud=4
As for your second post, are you able to sign a script from PowerShell Studio? Does this error only happen when packaging?
Re: Code Signing Cert not selectable after upgrade
Posted: Fri May 14, 2021 2:54 pm
by Alexander Riedel
The "ASN1 bad tag value met." error is usually caused by the time stamp server. Select a different time stamp server url.
Re: Code Signing Cert not selectable after upgrade
Posted: Mon May 17, 2021 5:49 am
by EnergySmithe
BrittneyR - I could not sign anything - powershell scripts or generated executables - using Sapien Powershell Studio 2021. However - in testing this morning, I think Alexander Riedel is correct - If I remove the timestamp URL completely then I am able to sign things. As soon as I select any of them, it fails with the "ASN1 bad tag value met.". The security context I run powershell studio from does not have internet access. I am guessing that is the problem.
Thank you Both
Re: Code Signing Cert not selectable after upgrade
Posted: Mon May 17, 2021 6:09 am
by Alexander Riedel
Yeah that would do it. Before you simply omit the time stamp, please refer to this:
https://www.sapien.com/blog/2021/04/05/ ... -a-script/