Why do I get "The specified PFX password is not correct" when trying to sign an application with signtool?

Maxim Shoustin · Apr 18, 2013 · Viewed 16.7k times

I followed this link to sign my exe application.

  • I installed the SDK tool on Windows 7,

  • ran C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin>makecert.exe -sv App-O.pvk -n "CN=MY DIGITAL KEY" App-O.cer

A dialog opened to provide the password:

I wrote the password: 'fess'

A new window opened:

I entered: 'fess'

#Succeeded

The files App-O.cer and App-O.pvk were created.

Now I generate the pfx:

pvk2pfx.exe -pvk App-O.pvk -spc App-O.cer -pfx App-O.pfx

A dialog opened to provide the password:

I pasted 'fess'

The pfx file was created.

Now I run signtool:

 C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin>signtool.exe sign /f "App-O.pfx" /p fess "C:\Output\setup.exe"

Here I got the error:

SignTool Error: The specified PFX password is not correct.

Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1

What did I miss?

BTW, I get the same error from the CMD shell of the Windows SDK.

Thanks,

Answer

Maxim Kolesnikov · Apr 20, 2013

There are a couple of problems.

First of all, you are using a self-signed certificate, so you should define it explicitly by adding the -r key to the makecert command, or you'll get the error "The signer's certificate is not valid for signing" at the sign step.

Next, at this step

signtool.exe sign /f "App-O.pfx" /p fess "C:\Output\setup.exe"

you are trying to open the pfx using the password "fess". But you actually didn't set any password for the pfx file. To do that, you should add the -po key to the pfx creation command.

After that you can sign your application.

So the correct process will be:

makecert.exe -sv App-O.pvk -n "CN=MY DIGITAL KEY" App-O.cer -r

pvk2pfx.exe -pvk App-O.pvk -spc App-O.cer -pfx App-O.pfx -po fess

signtool.exe sign /f "App-O.pfx" /p fess "C:\Output\setup.exe"

Here are some useful links:
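
Added example, not part of the question or answer above: a PowerShell check that reports whether a PFX opens with the password you plan to give to signtool /p or with an empty one, and whether the certificate is self-signed (Subject equal to Issuer, which is what makecert -r produces). Test-PfxForSigning is a hypothetical helper name; it relies only on the .NET X509Certificate2 class.

```powershell
# Added example. Test-PfxForSigning is a hypothetical helper, not an SDK tool.
function Test-PfxForSigning {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [AllowEmptyString()] [string] $Password
    )

    $full = (Resolve-Path -LiteralPath $Path).Path
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

    $report = [ordered]@{
        Path           = $full
        OpensWithGiven = $false   # the password intended for signtool /p
        OpensWithEmpty = $false   # the PFX carries an empty password
        HasPrivateKey  = $null    # signing needs the private key in the PFX
        SelfSigned     = $null    # Subject equals Issuer, as with makecert -r
        Subject        = $null
        LastError      = $null
    }

    # Try the supplied password first, then the empty password.
    $candidates = [ordered]@{ OpensWithGiven = $Password; OpensWithEmpty = '' }
    foreach ($name in $candidates.Keys) {
        try {
            $cert = $x509::new($full, [string]$candidates[$name])
            $report[$name]        = $true
            $report.HasPrivateKey = $cert.HasPrivateKey
            $report.Subject       = $cert.Subject
            $report.SelfSigned    = ($cert.Subject -eq $cert.Issuer)
            $cert.Reset()         # release the imported key material
        } catch {
            # A wrong password or a damaged file ends up here.
            $report.LastError = $_.Exception.GetBaseException().Message
        }
    }
    [pscustomobject]$report
}

# File name and password taken from the question:
# Test-PfxForSigning -Path .\App-O.pfx -Password 'fess'
```

If OpensWithGiven is False, signtool will reject the same /p value; if SelfSigned is False, the certificate was issued without -r.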