I'm trying to sign a Silverlight 4 OOB application (XAP file).
I use the following command:
"C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool.exe" sign /v /f path\to\FILENAME.pfx /p PWD path\to\FILENAME.xap
and I get the response:
The following certificate was selected:
Issued to: COMPANY NAME
Issued by: Thawte Code Signing CA
Expires: Wed Dec 01 00:59:59 2010
SHA1 hash: AE57AF01180BF995C7C5B01E235F296CCF611111
Done Adding Additional Store
Successfully signed: FILENAME.xap
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
But the XAP file is not signed.
If I view properties in Explorer there are no 'Digital Signatures' listed. And if I try to install it I get the unverified dialog.
If I use exactly the same command but for a dll file, the signing works fine and I can see the digital signature applied to the file.
What could be the cause of this?
Do I need a different version of signtool.exe?
If it matters, the PFX was originally exported from an XP machine and I'm trying to run this on a Win7 machine (for dev) and a Win2008 server (build machine) and get the same behaviour on both.
Edit:
If I verify the certificate of the signed DLL I get the following:
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
So it looks like I need to install some root certificates.
However, I'm not sure that explains why the XAP file doesn't report any certificate being added.