問題描述
SignTool 錯誤:訪問被拒絕 (SignTool error: Access is denied)
I am trying to authenticode sign a .NET application with a new code signing certificate on Windows Server 2008 R2 x64 with VS2010 installed, but SignTool keeps responding with Access is denied:
SignTool.exe sign /v /a /sha1 <thumbprint> MyApplication.exe
The following certificate was selected:
Issued to: <redacted>
Issued by: VeriSign Class 3 Code Signing 2010 CA
Expires: Thu Jun 28 01:59:59 2012
SHA1 hash: <thumbprint>
Done Adding Additional Store
SignTool Error: Access is denied.
SignTool Error: An error occurred while attempting to sign: MyApplication.exe
Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1
The certificate is installed to the user's personal store and the user is member of the local Administrators group. I also tried signing using the .pfx file but kept getting the same error. Disabling the UAC prompt showed no effect either.
Any ideas?
‑‑‑‑‑
參考解法
方法 1:
I also had this pb to use signtool.exe with windows 8. To resolve, you have to run cmd.exe directly from c:\windows\system32\cmd.exe clicking "Run as administrator".
方法 2:
What solved it for me was realising that my exe was read‑only. Removing write‑protection allowed SignTool to do its job with no further issues.
(Credit: eselk's comment at SignTool error: Access is denied)
方法 3:
The reason was that private key protection was enabled, but unless running the command prompt as Administrator, the corresponding "An application is requesting access to a protected Item." prompt did not appear.
To resolve the issue, I had to delete certificate and key, and then reimport it from the .pfx file, this time not selecting the strong private key protection option.
方法 4:
I had the same problem, but in my case I was trying to run from the windows service which was running under LocalSystem account. Changing it to regular account solved the issue.
(by Thomas Gerstendörfer、Bellenger JP、butterflyknife、Thomas Gerstendörfer、Andrey Marchuk)