
How do I fix “an error occurred while attempting to load the signing certificate from” a PFX file?

I have signtool.exe on a Windows XP Professional box with .NET 1.1. The version displayed in the properties dialog says 5.2.3790.2568.

I also have Cygwin with OpenSSH installed on the same machine. Anyway, when I run the tool locally - everything is OK, observe:

D:\WORK\workspace>type 1.cmd
d:\work\workspace\VE\CodeSign\signtool.exe sign /f d:\work\workspace\VE\CodeSign\Shunra.pfx /p "shunrail" /t http://timestamp.verisign.com/scripts/tim
stamp.dll /du "www.shunra.com" /v "d:\work\workspace\VE\ShunraInstallationServices\lib\net\Release\ShunraInstallationServices.dll"

D:\WORK\workspace>1.cmd

D:\WORK\workspace>d:\work\workspace\VE\CodeSign\signtool.exe sign /f d:\work\workspace\VE\CodeSign\Shunra.pfx /p "shunrail" /t http://timestamp.verisi
gn.com/scripts/timstamp.dll /du "www.shunra.com" /v "d:\work\workspace\VE\ShunraInstallationServices\lib\net\Release\ShunraInstallationServices.dll"
The following certificate was selected:
    Issued to: Shunra Software Ltd.
    Issued by: VeriSign Class 3 Code Signing 2009-2 CA
    Expires:   6/3/2013 1:59:59
    SHA1 hash: DE4A79909D95FCFB16DA8BFE4251C5FC88659FFA

Done Adding Additional Store

Attempting to sign: d:\work\workspace\VE\ShunraInstallationServices\lib\net\Release\ShunraInstallationServices.dll
Successfully signed and timestamped: d:\work\workspace\VE\ShunraInstallationServices\lib\net\Release\ShunraInstallationServices.dll

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

D:\WORK\workspace>

Now, I try to run the same command from another machine through SSH. Observe:

markk@Dev-Builder /cygdrive/d
$ ssh builder@vm-builder /cygdrive/c/WINDOWS/system32/cmd.exe /c d:\\\\WORK\\\\workspace\\\\1.cmd

C:\cygwin\home\builder>d:\work\workspace\VE\CodeSign\signtool.exe sign /f d:\work\workspace\VE\CodeSign\Shunra.pfx /p "s
hunrail" /t http://timestamp.verisign.com/scripts/timstamp.dll /du "www.shunra.com" /v "d:\work\workspace\VE\ShunraInsta
llationServices\lib\net\Release\ShunraInstallationServices.dll"

Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1
SignTool Error: IStore2::Load returned error: 0x80090345
        The requested operation requires delegation to be enabled on the machine.
SignTool Error: An error occurred while attempting to load the signing
        certificate from: d:\work\workspace\VE\CodeSign\Shunra.pfx

markk@Dev-Builder /cygdrive/d
$

The user used in both cases is the same. Indeed, on the first machine:

D:\WORK\workspace>echo %USERNAME% %USERDOMAIN%
builder SHUNRANET

D:\WORK\workspace>c:\utils\PsLoggedon.exe

PsLoggedon v1.34 - See who's logged on
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Users logged on locally:
     11/21/2011 4:53:01         SHUNRANET\builder

No one is logged on via resource shares.

D:\WORK\workspace>

And now on the second machine the same commands through SSH:

markk@Dev-Builder /cygdrive/d
$ ssh builder@vm-builder /cygdrive/c/WINDOWS/system32/cmd.exe /c echo %USERNAME% %USERDOMAIN%
builder SHUNRANET

markk@Dev-Builder /cygdrive/d
$ ssh builder@vm-builder /cygdrive/c/utils/PsLoggedon.exe
Users logged on locally:
     11/21/2011 4:53:01         SHUNRANET\builder

No one is logged on via resource shares.

PsLoggedon v1.34 - See who's logged on
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


markk@Dev-Builder /cygdrive/d
$

What is going on?

Edit

I have inserted the pause command into the 1.cmd batch file, which has permitted me to open the properties dialog for the respective cmd.exe process inside the Process Explorer. The story told by the Security tab for the locally run cmd.exe is different from that for the cmd.exe run remotely through SSH.

The Security tab for the locally run cmd.exe (I had to concatenate the privilege values, because the UI did not allow resizing that portion of the window):

[image: enter image description here]

Now the same dialog for the cmd.exe run through SSH from a different machine:

[image: enter image description here]

I found the post "Re: Cygwin ssh session privileges differ from console privileges?", which states:

The bottom line is, if you need all the user's access rights use password authentication

And indeed, signtool.exe succeeds after I have changed the ssh configuration on the target machine to ask for the user password.
