Code Signing Cert not selectable after upgrade

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
EnergySmithe
Posts: 12
Last visit: Mon May 17, 2021 5:49 am

Code Signing Cert not selectable after upgrade

Post by EnergySmithe »

Upgraded from Powershell Studio 2020 to 2021:

Product: PowerShell Studio 2021 (64 Bit)
Build: v5.8.188
OS: Windows 10 Enterprise (64 Bit)
Build: v10.0.18363.0

File->Options->Powershell-> Certificate in Local Store - click button to "Open your Certificate Store to view installed certificates"

Get this message:

"Windows Security
Powershell Studio.exe

No certificate available
No certificates meet the application criteria.
Click ok to continue"

Click OK - nothing happens.

This was working immediately before I updated from 2020 to 2021. Nothing changed other than that update. I validate the cert is in the same place. mmc shows cert still exists and is valid for another year.

Did the "application criteria" or location where the certs need to be installed change?

Please help.
Attachments
No Cert Available
No Cert Available
sapienpowerstudio2021cert.png (11.24 KiB) Viewed 3443 times

User avatar
EnergySmithe
Posts: 12
Last visit: Mon May 17, 2021 5:49 am

Re: Code Signing Cert not selectable after upgrade

Post by EnergySmithe »

Ok - Fine.
1) Removed existing code signing certs from everywhere (Localhost and the user)
2) Got new brand new code signing cert issued and installed for the user only
3) Cert now appears and can be selected
4) Attempt to Deploy Package to EXE and get "Signing with certificate failed : ASN1 bad tag value met."
5) Try using the old cert to sign in Visual Studio 2019. Works
6) Try using the new cert to sign in Visual Studio 2019. Works
7) Try manually signing using the new cert with powershell after compiling:

Code: Select all

Set-AuthenticodeSignature -FilePath .\bin\x64\mytest.exe -Certificate (Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert) -TimestampServer "http://timestamp.globalsign.com/scripts/timstamp.dll/?signature=sha2"
... That WORKS. Try re-selecting the new cert in the package manager signing section, save and package. Fails with "ASN1 bad tag value met."

I guess I have a workaround, but I would really like to know what options your passing to get the "ASN1 bad tag value met" for BOTH the old and new certs.

User avatar
brittneyr
Site Admin
Posts: 796
Last visit: Fri Jun 18, 2021 7:12 am
Answers: 15
Been upvoted: 11 times

Re: Code Signing Cert not selectable after upgrade

Post by brittneyr »

From your original post, that appears to be a Windows error about what certificates are appearing available in your certificate store.
Certificate store is a Windows dialog, it is not something we have control over. The following links might be helpful:
https://docs.microsoft.com/en-us/answer ... teria.html
https://social.msdn.microsoft.com/Forum ... pps&ppud=4

As for your second post, are you able to sign a script from PowerShell Studio? Does this error only happen when packaging?
Brittney Ryn
SAPIEN Technologies, Inc.

User avatar
Alexander Riedel
Posts: 7700
Last visit: Fri Jun 18, 2021 10:15 am
Answers: 4
Been upvoted: 10 times

Re: Code Signing Cert not selectable after upgrade

Post by Alexander Riedel »

The "ASN1 bad tag value met." error is usually caused by the time stamp server. Select a different time stamp server url.
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
EnergySmithe
Posts: 12
Last visit: Mon May 17, 2021 5:49 am

Re: Code Signing Cert not selectable after upgrade

Post by EnergySmithe »

BrittneyR - I could not sign anything - powershell scripts or generated executables - using Sapien Powershell Studio 2021. However - in testing this morning, I think Alexander Riedel is correct - If I remove the timestamp URL completely then I am able to sign things. As soon as I select any of them, it fails with the "ASN1 bad tag value met.". The security context I run powershell studio from does not have internet access. I am guessing that is the problem.

Thank you Both

User avatar
Alexander Riedel
Posts: 7700
Last visit: Fri Jun 18, 2021 10:15 am
Answers: 4
Been upvoted: 10 times

Re: Code Signing Cert not selectable after upgrade

Post by Alexander Riedel »

Yeah that would do it. Before you simply omit the time stamp, please refer to this:
https://www.sapien.com/blog/2021/04/05/ ... -a-script/
Alexander Riedel
SAPIEN Technologies, Inc.