问题
I've been signing compiled apps for several months and have a script that calls the Windows 10 SDK signtool. It's been working fine on two different computers and my certificate is valid. Today, I just started getting an "Unexpected internal error" with the error number listed above. I tried disabling antivirus which helped in this case but not mine.
My app is written in Delphi but I don't think that matters as this same problem was reported on Microsoft's Developer Community under Visual Studio. I had been using version 10.0.18362.0 of the SDK but after getting this error, found there's an update and tried version 10.0.19041.0 but got the same error.
Anyone else with this problem? Any suggestions?
回答1:
Same here. The issue was the demise of the comodoca.com timestamp server.
I switched to using DigiCert:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe" sign /tr http://timestamp.digicert.com ...
UPDATE 2 (perplexed nailed it) comodoca.com actually still works fine, you just need to add a /td sha256 switch to your signtool.exe command, like this:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe" sign /tr http://timestamp.comodoca.com /td sha256 ...
It seems DigiCert is throttling the number of timestamps they give out anyway, so I had to switch back. BTW note that you can still use any digital cert from any cert authority, it doesn't have to be from DigiCert to use their timestamp server.
回答2:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool.exe" sign /tr http://timestamp.sectigo.com/?td=sha256 /td sha256 ....
the /?td=sha256 actually working, but recommend using their new domain name http://timestamp.sectigo.com and need add extra parameter /td sha256
来源:https://stackoverflow.com/questions/62161135/signersign-failed-2146869243-0x80096005