Hi,
I've got a code signing certificate (.pfx) from GlobalSign and tried to sign my extension package.
I used the ZXPSignCmd tool and got the following response:
Unable to build a valid certificate chain. Please make sure that all certificates are included in the certificate file.
The necessary certificate chain is installed on my system (Windows 7):
My code signing certificate,
the certificate from GlobalSign the signed my certificate
and the GlobalSign root certificate that signed it.
The OpenSSL info output for the certificate looks fine too:
MAC Iteration 2000
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
Certificate bag
Certificate bag
Certificate bag
On the other hand signing other files with the Windows SDK Signtool works and results in a correct certificate chain (visible in the file's details).
Any idea what I might be doing wrong?
Regards
Philipp