Signing electron-builder generated package on windows fails when using self signed certificate
I have js project that ive packaged with electron-builder. I want to sign windows package with self signed certificate. My build machine is Windows Server 2019 64 bit. Node version 12.18.2 I use electron-builder 22.7.0.
Ive generated pfx file on the different windows machine using following power shell commands
New-SelfSignedCertificate -DnsName www.github.com -CertStoreLocation cert:\LocalMachine\My -type CodeSigning
$pw = ConvertTo-SecureString -String sillypassword -Force –AsPlainText
Export-PfxCertificate -cert cert:\localMachine\my\SOMELONGNUMBERFROMFIRST COMMAND -FilePath $env:USERPROFILE\Desktop\Cert.pfx -Password $pw
Ive exported CSC_LINK and CSC_KEY_PASSWORD with proper values and im running electron-builder -p always --win to publish the package.
And i got following error
Exit code: 1. Command failed: C:\Users\travis\.cache\electron-builder\winCodeSign\winCodeSign-2.6.0\windows-10\x64\signtool.exe sign /t http://timestamp.digicert.com /f C:\Users\travis\certificate_win.pfx /d My project /du https://github.com/org/myrepo /p 434b9bda7dbaf509beaef9779192a67fbe263d70af93716804959aa49662adb6 (sha256 hash) /debug C:\Users\travis\build\org\myrepo\build\win-unpacked\My project.exe
232
SignTool Error: An unexpected internal error has occurred.
233
234
Error information: "Error: Store::ImportCertObject() failed." (-2146893808/0x80090010)
235
236
SignTool Error: An unexpected internal error has occurred.
237
stackTrace=
238
Error: Exit code: 1. Command failed: C:\Users\travis\.cache\electron-builder\winCodeSign\winCodeSign-2.6.0\windows-10\x64\signtool.exe sign /t http://timestamp.digicert.com /f C:\Users\travis\certificate_win.pfx /d My project /du https://github.com/org/myrepo /p 434b9bda7dbaf509beaef9779192a67fbe263d70af93716804959aa49662adb6 (sha256 hash) /debug C:\Users\travis\build\org\myrepo\build\win-unpacked\My project.exe
239
SignTool Error: An unexpected internal error has occurred.
240
226
Error information: "Error: Store::ImportCertObject() failed." (-2146893808/0x80090010)
227
228
SignTool Error: An unexpected internal error has occurred.
247
248
at C:\Users\travis\build\org\myrepo\node_modules\builder-util\src\util.ts:129:16
229
at ChildProcess.exithandler (child_process.js:310:5)
230
at ChildProcess.emit (events.js:315:20)
245
at maybeClose (internal/child_process.js:1021:16)
246
at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)
249
From previous event:
250
at processImmediate (internal/timers.js:456:21)
251
From previous event:
258
at WinPackager.signApp (C:\Users\travis\build\org\myrepo\node_modules\app-builder-lib\src\winPackager.ts:357:27)
259
at WinPackager.doPack (C:\Users\travis\build\org\myrepo\node_modules\app-builder-lib\src\platformPackager.ts:244:16)
243
at WinPackager.pack (C:\Users\travis\build\org\myrepo\node_modules\app-builder-lib\src\platformPackager.ts:115:5)
244
at Packager.doBuild (C:\Users\travis\build\org\myrepo\node_modules\app-builder-lib\src\packager.ts:444:9)
241
at executeFinally (C:\Users\travis\build\org\myrepo\node_modules\builder-util\src\promise.ts:12:14)
242
at Packager._build (C:\Users\travis\build\org\myrepo\node_modules\app-builder-lib\src\packager.ts:373:31)
252
at Packager.build (C:\Users\travis\build\org\myrepo\node_modules\app-builder-lib\src\packager.ts:337:12)
253
at executeFinally (C:\Users\travis\build\org\myrepo\node_modules\builder-util\src\promise.ts:12:14)
254
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
I can sign it on my test machine that ive created specifically to test this behaviour, but it fails in Travis. How can i debug this situation to know what im doing wrong. Thanks
AlexS1 Answer
For self-signed certificate, you'll probably need to first check if this cert was imported to your cert store. Then verify if the subject name was set properly. electron-builder (v22.6.0 - v22.8.1) has a bug signing windows store apps: https://github.com/electron-userland/electron-builder/issues/4931, but it may or may not have any relation to your windows .exe signing.
MarshalUser contributions licensed under CC BY-SA 3.0