This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 77%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECW%3C/text%3E%3C/svg%3E)
In Microsoft partner center > account settings > Manage certificates > +Certificate > New certificate
I fllow the 6 steps and do it, but I met an error "We encountered a problem processing the file you uploaded. Please ensure the file you sign and upload is the same file you downloaded." when I upload the signed file.
The sign command is 'signtool sign /v /fd sha256 /tr http://timestamp.digicert.com /td sha256 SignableFile.bin'
Hi @王 冲 Chong Wang,
Welcome to Microsoft Q&A!
You can first try the following command to verify the marked file, is there any error?
signtool verify /a SignableFile.bin
Thank you.
Thanks for your help,
when I use this command 'signtool verify /a SignableFile.bin', there is an error:
File: SignableFile.bin
Index Algorithm Timestamp
========================================
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
Number of errors: 1
But when I use the command 'signtool verify /pa SignableFile.bin' , there is no error:
File: SignableFile.bin
Index Algorithm Timestamp
========================================
0 sha256 RFC3161
Successfully verified: SignableFile.bin
I don't know why.
Hi @王 冲 Chong Wang,
I suggest you open a free support ticket here: Contact Us. Go to Contact us tab , find Non-Technical Support - Dashboard and choose SUBMIT AN INCIDENT. You could talk to the store team directly and confirm this behavior. The store team could check the status of your account in the back end.
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 24%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
We are seeing the same issue. This is something recent. We have used the same signing command in the past and it has worked fine. Also the flag "/a" for verification does not seem to use the "Default Verification Policy" and hence the error (probably trying to use the Driver Verification Policy.
Yes, it worked well last year using the same command, I have contacted Microsoft support for help now and the issue is still pending, you can have a try to submit an incident, refer here " Go to Contact us tab , find Non-Technical Support - Dashboard and choose SUBMIT AN INCIDENT "
We have opened a support request too, but no activity on it yet.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 47%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Same thing here. If anyone has solved it, please post the solution.
I have received an email update on my ticket stating that this is a known issue and is being worked on by the engineering team. Hopefully we will have a resolution soon.
Hi, @Patil, Sandeep. Thank you for your updating.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 40%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
I encountered the same problem. It's astonishing that this problem has been there for months and MS did not address it yet!
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\signtool.exe" verify /a SignableFile.bin
File: SignableFile.bin
Index Algorithm Timestamp
========================================
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
Number of errors: 1
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 11%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Same issue..
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 11%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EID%3C/text%3E%3C/svg%3E)
We faced the same issue. Also there is no way to delete the existing expired certificate. It seems this functionality is totally broken
@Ivan Dubynets You are correct about the broken expired cert removal. It just errors out on the dialog with some [object Object] message.
We just got confirmation from Microsoft that they have fixed the issue where the SHA256 hash signatures were being rejected for SignableFile.bin. It is accepting both SHA256 and SHA384 now.
@Patil, Sandeep. Great! Thanks for letting us know.
Can you folks try using SHA384 instead of SHA256 and try again (the /fd parameter) ? Looks like they have changed their code to reject SHA256 hash signatures for the SignableFile.bin.
Thank you so much Patil Sandeep it works with SHA384!!!!!!!!!!!!!!!!!
This issue is solved, thank you all very much for your help.🤝
Thanks
thank you! You saved a lot of time and probably release of our project!