0

Its bit of learning ride so far so not sure if I have got full understanding of the subject. I will give it a try to explain the problem: I need to sign a EXE file using the code signing certificate which was requested using YubiKey CSR. Since I have got the certificate and the private key is only present on the Yubikey device (attached to my laptop), I am trying to use the below command to sign the EXE after installing the certificate under my certificate store on Windows 10 laptop. signtool sign /fd SHA256 "Installer.exe"

It did sign however not using the certificate but with some certificate with CN = SecurityDepartment.

I am not sure what exactly the command should be to use the certificate I bought to sign using the HSM key token.

Thanks in advance for any help!

ankur kapoor
  • 1
  • Google Bing OR DDG "windows signtool yubikey" points me instantly (<1 sec) to https://support.yubico.com/hc/en-us/articles/360016614840-Code-Signing-with-the-YubiKey-on-Windows . – dave_thompson_085 Aug 16 '23 at 21:23
  • thanks @dave_thompson_085. I have already looked at that article but unfortunately it only talks about ".pfx" certificates. Starting June 1 2023, we are no longer issued certificates in ".pfx" format. Instead we only get ".crt" certificates. – ankur kapoor Aug 17 '23 at 09:31
  • With help from Sectigo (certificate provider) finally got to know that I am missing a Mini driver installer (for Windows) - https://www.yubico.com/support/download/smart-card-drivers-tools/ Once installed, the certificate was visible under Cert Store on my laptop. – ankur kapoor Aug 24 '23 at 16:26

0 Answers0