I have a DigiCert EV Code Signing token used to sign code.
When I run signtool from a user shell, everything works fine.
However, when I run signtool from a system service it fails.
The last thing I tried was to "emulate" user shell, by doing:
$username = "USER"
$password = "PASS"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Invoke-Command -ComputerName "MYPC" -Credential $credential -ScriptBlock { signtool ... }
But this is fails as it doesn't find a private key...
The following certificates were considered:
Issued to: MY Company
Issued by: DigiCert EV Code Signing CA (SHA2)
Expires: Wed Mar 25 15:00:00 2021
SHA1 hash: 1276675218A89930DD687B82559E27D0F5F89999
After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Private Key filter, 0 certs were left.
SignTool Error: No certificates were found that met all the given criteria.
Any ideas how can I proceed here?
It seems that a "remote user" doesn't have permissions to access the private key.