Incorrect cert used for signing script

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST SUBSCRIPTION NUMBERS, LICENSE KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
JohnMoe
Posts: 13
Joined: Sun Apr 15, 2018 11:36 pm

Incorrect cert used for signing script

Post by JohnMoe » Mon Sep 23, 2019 6:11 pm

Product, version and build: SAPIEN PowerShell Studio 2019 Version 5.6.167
32 or 64 bit version of product: 64-bit
Operating system: Windows 10 1903 build 18362.295
32 or 64 bit OS: 64-bit

I've selected my code signing certificate in the Options dialog, but when I click the "Sign Script" button and check the signature, it appears PowerShell Studio is using a different certificate in my certificate store to sign the script. If I manually sign it using my certificate, Get-AuthenticodeSignature shows the correct cert.

01-options.png
01-options.png (70.52 KiB) Viewed 634 times
02-AuthenticodeSignature-Wrong.png
02-AuthenticodeSignature-Wrong.png (44.94 KiB) Viewed 634 times
03-AuthenticodeSignature-Correct.png
03-AuthenticodeSignature-Correct.png (46.58 KiB) Viewed 634 times

Let me know if you need further info. Cheers,

John Moe

User avatar
Alexander Riedel
Posts: 7049
Joined: Tue May 29, 2007 4:43 pm

Re: Incorrect cert used for signing script

Post by Alexander Riedel » Mon Sep 23, 2019 10:29 pm

Please open the corresponding .psbuild file with a text editor and see if the PFXThumbPrint field has an entry.
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
brittneyr
Site Admin
Posts: 187
Joined: Thu Jun 01, 2017 7:20 am

Re: Incorrect cert used for signing script

Post by brittneyr » Tue Sep 24, 2019 8:46 am

Thank you for reporting this issue. I have been able to replicate this and have filed an internal bug report. When I have more information, I'll post here.
Brittney Ryn
SAPIEN Technologies, Inc.

User avatar
JohnMoe
Posts: 13
Joined: Sun Apr 15, 2018 11:36 pm

Re: Incorrect cert used for signing script

Post by JohnMoe » Tue Sep 24, 2019 4:31 pm

Hi Alexander,

Sorry, I'm not sure what you mean? I have a .ps1 file, and I sign it, which adds the signature as text to the bottom of the same .ps1 file? There's no other files involved? Unless this is a product config file, in which case, where do I find that?

Hi brittneyr,

Thanks for that, I look forward to hearing more. :-)

Cheers,

John Moe

User avatar
brittneyr
Site Admin
Posts: 187
Joined: Thu Jun 01, 2017 7:20 am

Re: Incorrect cert used for signing script

Post by brittneyr » Wed Sep 25, 2019 9:04 am

This issue has been resolved and will be in the next service release (5.6.168).
It is caused when there are certificates with the same common name (CN).
Brittney Ryn
SAPIEN Technologies, Inc.

User avatar
JohnMoe
Posts: 13
Joined: Sun Apr 15, 2018 11:36 pm

Re: Incorrect cert used for signing script

Post by JohnMoe » Wed Sep 25, 2019 3:05 pm

Hi brittneyr,

Thanks for the update and the info. I had a look at my certs, given your info about having the same CN, but unfortunately, I can't change either certificate that has that CN; one is from a vendor to communicate with them, and the other is already pushed out to every system in our domain, so my code is trusted. I'll just have to wait for the updated version and keep signing manually for now. :-)

I don't suppose you have any ETA on that release yet? Otherwise, I'll just keep an eye out for when PSP tells me an update is available.

Cheers,

John Moe