What I want to achieve?
Code sign my VSTO Outlook Plugin using Visual Studio 2022. I follow these instructions: https://learn.microsoft.com/en-us/visualstudio/vsto/how-to-sign-office-solutions?view=vs-2022
Environment
- Windows 11 (German), Visual Studio 2022 17.6.0
- USB Hardware Token (Sectigo eToken 5110, Card Type IDPrime)
- SafeNet Authentication Client 10.8 R8
What is the problem?
Choosing the Sectigo Certificate for signing my code fails:
The German text says something like this:
The requested operation cannot be performed with the smart card or another smart card is required for the operation
What I already tried
I successfully installed SafeNet Authentication Client. I successfully changed the password. Furthermore, I can successfully run certutil -scinfo (it pops up the SafeNet Client and asks for the password, which I can enter so that certutil shows success).
The certificate is available under my Windows user certificates:
What actually seems to work is code signing from the command line as described by Sectigo (https://www.sectigo.com/knowledge-base/detail/Code-Signing-with-an-OV-or-an-EV-Code-Signing-Certificate/kA03l000000c4TX):
signtool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /a "C:\Users\heckner\source\repos\xxx\build\setup.exe"
During the signing process the popup saying that the smart card is not working comes up twice, but after that a password prompt from the SafeNet Client pops up, and after entering the password it seems to work.
When I check the signature on the signed exe it seems ok:
The problem is that I still receive the message from Microsoft during installation of this setup like:
What could help?
- Perhaps someone can show me what to do manually to sign a VSTO Outlook plugin. Setup.exe does not seem to be the solution.
- https://developercommunity.visualstudio.com/t/Visual-studio-doesnt-detect-digicert-co/10135932?entry=problem
I want to answer my own question as I just found out about the real problem.
First of all it is important to understand that there were already several certificates installed on my laptop.
To avoid any problems: first start the SafeNet client and plug the USB token into your laptop!
That was the reason that I received this popup when clicking on "Select certificate from store":
The reason is that (for no real reason?) Visual Studio iterates through the code-signing certificates stored in my local keystore. As an old certificate was selected first, Visual Studio was not able to find the new one from Sectigo.
What is needed next: click on "Cancel" on each popup dialog like this one:
... until you arrive at this dialog.
Now click on "Options" (or additional options) to open the certificate selection dialog:
Now you are able, for the first time, to select the right certificate from the store, and everything works like a charm.
Boy, I spent hours upon hours trying to delay signing and using mage.exe. This also worked but is a very manual process!
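As an added example (not part of the original post): a PowerShell sketch that lists every code-signing certificate in the current user's store, which shows the old entries that sit alongside the new one, and then pins the signtool command from the question to a single certificate by thumbprint (/sha1) instead of letting /a choose. The thumbprint and target path are placeholders, and signtool is assumed to be on PATH (for example in a Developer PowerShell).

```powershell
# Enumerate all code-signing certificates in the current user's personal store.
$certs = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Sort-Object NotAfter -Descending

$certs | Format-Table -AutoSize Subject, Issuer, NotAfter, HasPrivateKey, Thumbprint

# Flag entries that are expired or have no private key reference; these are
# candidates for cleanup once you have confirmed they are no longer needed.
$now = Get-Date
$certs |
    Where-Object { $_.NotAfter -lt $now -or -not $_.HasPrivateKey } |
    ForEach-Object {
        Write-Warning ("Stale code-signing cert: {0} (expires {1:yyyy-MM-dd}, thumbprint {2})" -f `
            $_.Subject, $_.NotAfter, $_.Thumbprint)
    }

# Placeholders: copy the thumbprint of the token certificate from the table
# above and set the path of the file to sign.
$thumbprint = '<THUMBPRINT-OF-TOKEN-CERTIFICATE>'
$target     = 'C:\path\to\setup.exe'

# Refuse to sign unless the pinned certificate is actually in the store.
$match = $certs | Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $match) {
    throw "No code-signing certificate with thumbprint $thumbprint in Cert:\CurrentUser\My"
}

# Same options as the command in the question, with /a replaced by /sha1 so
# that signtool uses exactly one certificate.
& signtool sign /sha1 $thumbprint /tr http://timestamp.sectigo.com /td sha256 /fd sha256 $target
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Verify the signature against the default Authenticode policy.
& signtool verify /pa /v $target
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }
```

This only affects the command-line signtool path; the certificate selection inside Visual Studio still goes through the dialogs described in the answer.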