Share via

Cross signing with Sectigo certificate doesn't work.

Jimmy_Lee 6 Reputation points
2021-11-01T06:12:29.703+00:00

To cross sign our module/app instead of /INTEGRITYCHECK, our company purchased a Sectigo certificate for code signing.

And tried to cross sign with the Sectigo cert and a public cross signing cert using SingTool but failed as attached bitmap

Signtool Error: The provided cross certificates would not be present in the certificate chain.

Anyone can answer me that you can still success to cross sign with the Sectigo or not?
If you can still success to cross sign, what's different from our command?

145365-image.png

Windows for business | Windows Client for IT Pros | Devices and deployment | Other
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Chris Bockner 1 Reputation point
    2021-11-05T18:15:13.33+00:00

    I am seeing the same thing with a replacement Sectigo EV cert. Not sure if I'm missing a step setting up the new one.

  2. Chris Bockner 1 Reputation point
    2021-11-08T00:46:00.723+00:00

    Was able to get this working. It was the signtool options I was using. Just go with the suggested from Sectigo and you should be fine.

  3. Chris Bockner 1 Reputation point
    2021-11-08T00:54:09.443+00:00

    I should have added the command:

    ".\tools\signtool.exe" sign /v /debug /tr http://timestamp.comodoca.com /td sha256 /fd sha256 /n "NAME ON CERT" %1

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.