I cannot sign a windows .exe on Mac OS (13.2.1) with osslsigncode. I was failing in the Godot Editor v4.0.1, so I decided to test on the command line. Using osslsigncode v2.3.0 and my mac's openssl -> LibreSSL v3.3.6.
I am not embedding the .pck with the the exported binary.
I have created a self-signed cert and .pfx file as follows:
Generate a private key for the CA
openssl genrsa -out ca.key 4096
GHenerate certificate
openssl req -config config.cnf -new -x509 -days 1826 -key ca.key -out ca.crt
Generate a private key for code signing
openssl genrsa -out codesign.key 4096
Generate a new certificate request (csr) with just a CN.
openssl req -config config.cnf -sha256 -new -key codesign.key -extensions v3_req -out codesign.csr
Create certificates based on the csr
openssl x509 -req -days 1826 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile config.cnf -set_serial 01 -out codesign.crt
Export certificates based on the csr
openssl pkcs12 -export -out codesign.pfx -inkey codesign.key -in codesign.crt -passout pass:<password>
Verify the Password
openssl pkcs12 -in codesign.pfx -noout
Using this command to sign:
osslsigncode sign -pkcs12 codesign.pfx -pass "<password>" -t http://timestamp.digicert.com -in ConversionToollBugs.exe -out Test.exe
Results in the following error and I am using the correct password:
Failed to parse PKCS#12 file: codesign.pfx (Wrong password?)
40818C0502000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Failed
Any pointers as how to fix this? Thanks in advance!