我有一个DigiCert EV代码签名令牌,用于签名代码。
当我从用户外壳程序运行signtool时,一切正常。
但是,当我从系统服务运行signtool时,它将失败。
我最后尝试做的是通过执行以下操作来“模拟”用户外壳程序:
$username = "USER"
$password = "PASS"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Invoke-Command -ComputerName "MYPC" -Credential $credential -ScriptBlock { signtool ... }
但这失败了,因为它找不到私钥...
The following certificates were considered:
Issued to: MY Company
Issued by: DigiCert EV Code Signing CA (SHA2)
Expires: Wed Mar 25 15:00:00 2021
SHA1 hash: 1276675218A89930DD687B82559E27D0F5F89999
After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Private Key filter, 0 certs were left.
SignTool Error: No certificates were found that met all the given criteria.
有什么想法可以在这里继续吗?
似乎“远程用户”没有访问私钥的权限。