
Using SignTool.exe to sign using SHA256 after Microsoft dropped support for SHA-1

Since MS dropped SHA-1 support, we now need to sign with SHA-2.

I sign all DLLs, EXEs and MSIs. I changed my signtool.exe call to this:

signtool.exe /f "PathToPFX.pfx" /fd SHA256 /p "password" /d "product" /du "www.site.com" /tr "http://timestamp.geotrust.com/tsa"

I don't need dual signing because we don't support < Vista. I'm using the sign tool in the Windows 8.1 SDK.

The sign tool gives no errors when I call it, and when I look at the certs they look to be updated correctly:

[enter image description here]

But I still get the corrupt MSI error when downloading through IE.

I'm guessing my cert needs renewing, but I'm unsure how I can check if my pfx cert is using SHA1 or not. The cert was provided by VeriSign; Symantec now provide support for this.

I talked to Symantec customer support and need to get the certificate reissued.

https://knowledge.symantec.com/support/ssl-certificates-support/index.html

Chat link at the top right. The new cert will be emailed to the technical contact on your company's account.

After the reissue, I was able to solve the issue.
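
One way to check whether the certificates inside a PFX are SHA-1 signed, which the question asks about (an added example, not part of the original post; the path is a placeholder and Windows with PowerShell 5 or later is assumed):

```powershell
# Added example (not from the original post): list the signature algorithm of
# each certificate stored in a PFX and flag the ones signed with SHA-1.
param(
    [string]$PfxPath = 'PathToPFX.pfx'   # placeholder path, as in the question
)

# OIDs of certificate signature algorithms that use SHA-1
$sha1Oids = @(
    '1.2.840.113549.1.1.5',  # sha1WithRSAEncryption
    '1.3.14.3.2.29',         # sha1WithRSASignature (OIW)
    '1.2.840.10040.4.3',     # dsa-with-sha1
    '1.2.840.10045.4.1'      # ecdsa-with-SHA1
)

# Prompt for the password instead of putting it on the command line
$secure = Read-Host -Prompt 'PFX password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$certs.Import((Resolve-Path -LiteralPath $PfxPath).Path, $plain, $flags)

$report = foreach ($cert in $certs) {
    $isRoot = $cert.Subject -eq $cert.Issuer   # self-signed
    [pscustomobject]@{
        Subject      = $cert.GetNameInfo('SimpleName', $false)
        Role         = if ($cert.HasPrivateKey) { 'signing cert' }
                       elseif ($isRoot) { 'root' }
                       else { 'intermediate' }
        SignatureAlg = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA, sha256RSA
        NotAfter     = $cert.NotAfter
        Sha1Signed   = $sha1Oids -contains $cert.SignatureAlgorithm.Value
    }
}
$report | Format-Table -AutoSize

# A self-signed root's own signature hash is not what chain validation relies on,
# so only the signing cert and intermediates are counted here.
$weak = @($report | Where-Object { $_.Sha1Signed -and $_.Role -ne 'root' })
if ($weak.Count -gt 0) {
    Write-Warning "$($weak.Count) non-root certificate(s) are SHA-1 signed; /fd SHA256 only sets the file digest and does not change this."
}
```

A `SignatureAlg` of `sha1RSA` on the signing cert means the certificate itself has to be reissued with a SHA-2 signature, because `/fd SHA256` affects only the digest computed over the file.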
