1

I have generated a self-signed certificate and installed it to Root and My in the local machine. When I view the General tab of the certificate dialog in windows it says the certificate is intended for the following purposes:

All issuance policies
All application policies

Yet when I try to sign it with Set-AuthenticodeSignature I get the error:

Set-AuthenticodeSignature : Cannot sign code. The specified certificate is not suitable for code signing.

Doesn't 'All issuance policies' and 'All application policies' include code signing? What am I missing here?

Mike Cheel
  • 12,626
  • 10
  • 72
  • 101
  • I am not use, but you'll need the OID "1.3.6.1.5.5.7.3.3" for code signing. Within the Certificates I own they are listed explictly. To chain of OIDs for code signing is: http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.3.html – Dennis Alexander Jul 17 '13 at 13:23
  • I took a cert I generated and edited the properties to only have the code signing and it still didn't work. – Mike Cheel Jul 17 '13 at 14:21
  • Did you imported the "parent" Certificate as a "Trusted Publisher", or can you please add your Certificate to the "Trusted Publisher" Group? I am not sure, i had a similar issue with a self signed executable that just works correctly when I added it to TP. – Dennis Alexander Jul 17 '13 at 16:26
  • I used a sample makecert commandline that I found but that is something I will try when I get a chance – Mike Cheel Jul 17 '13 at 17:15
  • This was answered here: http://stackoverflow.com/questions/84847/how-do-i-create-a-self-signed-certificate-for-code-signing-on-windows – JonnyG Apr 28 '14 at 15:47

0 Answers0