File signing tool (Signcode.exe) fails when you use the "-$ Commercial" option (822501)


The information in this article applies to:

  • Microsoft Visual Studio 2005 Professional Edition
  • Microsoft Visual Studio 2005 Standard Edition
  • Microsoft Visual Studio .NET (2003), Professional Edition
  • Microsoft Visual Studio .NET (2003), Enterprise Architect Edition
  • Microsoft Visual Studio .NET (2003), Enterprise Developer Edition
  • Microsoft Visual Studio .NET (2003), Academic Edition
  • Microsoft Visual Studio .NET (2002), Enterprise Architect Edition
  • Microsoft Visual Studio .NET (2002), Enterprise Developer Edition
  • Microsoft Visual Studio .NET (2002), Professional Edition
  • Microsoft Visual Studio .NET (2002), Academic Edition

SYMPTOMS

When you try to sign files with the Signcode.exe command-line utility by using the -$ commercial command-line option, you may receive the following error message:
Error: The certificate does not have the correct signing authority.
Error: Signing Failed. Result = 80028ca0, (-2147316576)

CAUSE

When the -$ commercial option is used with an individual software publisher certificate, signing fails. (That is, if the certificate type is "Individual Only" or "None," signing fails with the -$ commercial command-line option.)

RESOLUTION

The -$ command-line option has two possible values: commercial or individual. These values correspond to different types of certificates that were issued by VeriSign in the past. VeriSign no longer distinguishes between the two certificates. All certificates are considered commercial. Therefore, you do not have to use the -$ commercial command-line option anymore.

STATUS

This behavior is by design.

MORE INFORMATION

Steps to reproduce the behavior

  1. Start Visual Studio .NET 2003 or Visual Studio 2005 Command Prompt.
  2. Create an X.509 certificate and a private key file by using the Certificate Creation tool (Makecert.exe). Type the following command at the command prompt:
    makecert -sv testCert.pvk testCert.cer
  3. Create a test SPC certificate by using the Software Publisher Certificate Test tool (Cert2spc.exe). Type the following command at the command prompt:
    cert2spc testCert.cer testCert.spc
  4. Sign the required component or assembly by using the File Signing tool (Signcode.exe). Type the following command at the command prompt:
    signcode /spc testCert.spc /v testCert.pvk -$ commercial test.exe
You receive the error that is described in the "Symptoms" section of this article.

Note:
  • The Certificate Creation tool (Makecert.exe) generates X.509 certificates for testing purposes only. This tool creates a public and private key pair for digital signatures, and then stores it in a certificate file.
  • The Software Publisher Certificate Test tool (Cert2spc.exe) creates a software publisher certificate from one or more X.509 certificates for test purposes only.

REFERENCES

For more information about the File Signing tool (Signcode.exe), visit the following Microsoft Developer Network (MSDN) Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrffilesigningtoolsigncodeexe.asp

Modification Type:MajorLast Reviewed:2/10/2006
Keywords:kbvs2005swept kbvs2005applies kberrmsg kbCertServices kbPPKey kbprb KB822501 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.