我正在使用Visual Studio 2013 Ultimate来构建不同的VB .Net应用程序。
要签署我的软件,我首先在Linux机器上创建了一个证书颁发机构。使用这个CA我签了一个中间权限,我用来签署代码签名证书。
然后我将我的代码签名证书转换为pfx文件并包含整个证书链并在Windows上检查:
C:\Windows\System32>certutil -dump C:\Users\Marc\Desktop\codesigning.pfx
Enter PFX password:
================ Certificate 0 ================
================ Begin Nesting Level 1 ================
Element 0:
Serial Number: a3f1a753378e4c2a
Issuer: E=contact@marcsn.de, CN=Marc SN Root CA, OU=Marc SN Certifica
te Authority, O=Marc SN, S=North Rhine-Westphalia, C=DE
NotBefore: 20.04.2017 20:25
NotAfter: 10.04.2057 20:25
Subject: E=contact@marcsn.de, CN=Marc SN Root CA, OU=Marc SN Certific
ate Authority, O=Marc SN, S=North Rhine-Westphalia, C=DE
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 0c 2b 39 fb 9d 25 fa 80 d6 49 a1 80 6a c2 0b 03 19 27 80 33
---------------- End Nesting Level 1 ----------------
No key provider information
Encryption test FAILED
================ Certificate 1 ================
================ Begin Nesting Level 1 ================
Element 1:
Serial Number: 1000
Issuer: E=contact@marcsn.de, CN=Marc SN Root CA, OU=Marc SN Certifica
te Authority, O=Marc SN, S=North Rhine-Westphalia, C=DE
NotBefore: 20.04.2017 20:43
NotAfter: 05.01.2037 20:43
Subject: E=contact@marcsn.de, CN=Marc SN Intermediate CA, OU=Marc SN
Certificate Authority, O=Marc SN, S=North Rhine-Westphalia, C=DE
Non-root Certificate
Cert Hash(sha1): ef c3 d0 68 35 a7 21 cd 4f a2 c7 a5 1b cc 17 da 11 bd 94 ec
---------------- End Nesting Level 1 ----------------
No key provider information
Encryption test FAILED
================ Certificate 2 ================
================ Begin Nesting Level 1 ================
Element 2:
Serial Number: 1000
Issuer: E=contact@marcsn.de, CN=Marc SN Intermediate CA, OU=Marc SN C
ertificate Authority, O=Marc SN, S=North Rhine-Westphalia, C=DE
NotBefore: 20.04.2017 22:35
NotAfter: 30.04.2018 22:35
Subject: E=contact@marcsn.de, CN=contact@marcsn.de, OU=Marc SN Softwa
re Development, O=Marc SN, S=North Rhine-Westphalia, C=DE
Non-root Certificate
Cert Hash(sha1): f2 f5 74 bb 1f 1b f2 19 0f 06 f2 ae 52 e4 01 0e 60 a7 25 bf
---------------- End Nesting Level 1 ----------------
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed
CertUtil: -dump command completed successfully.
我还将根证书安装到Windows证书库中:
在最后一步中,我将证书导入Visual Studio。它提示我输入密码并导入证书没有任何问题。但是,当我在Visual Studio中查看详细信息时,证书路径仅显示我的签名证书,而不是我的根证书和我的中级证书。
当我尝试发布我的应用程序时,Visual Studio会抛出以下错误:
2>C:\Program Files (x86)\MSBuild\12.0\bin\Microsoft.Common.CurrentVersion.targets(4755,5): error MSB3482: Fehler beim Signieren: A certificate chain could not be built to a trusted root authority.
我认为发生此错误,因为Visual Studio忽略了证书中包含的证书链(如上面的certutil输出中所示)。有谁知道如何解决这个错误?