Azure Trusted Signing SignTool Error: Multiple certificates were found that meet all the given criteria. Use the /a option to allow SignTool to choose the best certificate automatically or use the /sha1 option with the hash of the

Question

I am trying to locally sign an exe my command in Powershell is :

.\signtool.exe sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "C:\Users\Jacob\Desktop\microsoft.trusted.signing.client.1.0.86\bin\x64\Azure.CodeSigning.dll" /dmdf "C:\Users\Jacob\Desktop\metadata.json" "C:\Users\Jacob\Desktop\MyApp.exe"

but I get the error when running the command : SignTool Error: Multiple certificates were found that meet all the given criteria. Use the /a option to allow SignTool to choose the best certificate automatically or use the /sha1 option with the hash of the

I am logged in with azure cli, if I call

az account show

my data pops up proving I am logged in before running the signtool : {

"environmentName": "AzureCloud",

"homeTenantId": "e8...",

"id": "179...",

"isDefault": true,

"managedByTenants": [],

"name": "Azure subscription 1",

"state": "Enabled",

"tenantDefaultDomain": "j...hotmail.onmicrosoft.com",

"tenantDisplayName": "Default Directory",

"tenantId": "e8...",

"user": {

"name": "******@hotmail.com",

"type": "user"
```  }

}

What am I doing wrong? 

Answer 1

Tried the mitigation steps from in here: https://learn.microsoft.com/en-us/azure/trusted-signing/faq#common-error-codes-and-mitigations

Answer 2

Figured it out, had to run Powershell as Admin and the major issue in my command :

I was using this which is wrong :

Azure.CodeSigning.dll

I need to use Azure.CodeSigning.Dlib.dll