Microsoft KB Archive/822501

= File signing tool (Signcode.exe) fails when you use the &quot;-$ Commercial&quot; option =

Article ID: 822501

Article Last Modified on 5/25/2007

-

APPLIES TO


 * Microsoft Visual Studio 2005 Professional Edition
 * Microsoft Visual Studio 2005 Standard Edition
 * Microsoft Visual Studio .NET 2003 Professional Edition
 * Microsoft Visual Studio .NET 2003 Enterprise Architect
 * Microsoft Visual Studio .NET 2003 Enterprise Developer
 * Microsoft Visual Studio .NET 2003 Academic Edition
 * Microsoft Visual Studio .NET 2002 Enterprise Architect
 * Microsoft Visual Studio .NET 2002 Enterprise Developer
 * Microsoft Visual Studio .NET 2002 Professional Edition
 * Microsoft Visual Studio .NET 2002 Academic Edition

-





SYMPTOMS
When you try to sign files with the Signcode.exe command-line utility by using the -$ commercial command-line option, you may receive the following error message:

Error: The certificate does not have the correct signing authority.

Error: Signing Failed. Result = 80028ca0, (-2147316576)



CAUSE
When the -$ commercial option is used with an individual software publisher certificate, signing fails. (That is, if the certificate type is &quot;Individual Only&quot; or &quot;None,&quot; signing fails with the -$ commercial command-line option.)



RESOLUTION
The -$ command-line option has two possible values: commercial or individual. These values correspond to different types of certificates that were issued by VeriSign in the past. VeriSign no longer distinguishes between the two certificates. All certificates are considered commercial. Therefore, you do not have to use the -$ commercial command-line option anymore.



STATUS
This behavior is by design.



Steps to reproduce the behavior
 Start Visual Studio .NET 2003 or Visual Studio 2005 Command Prompt.  Create an X.509 certificate and a private key file by using the Certificate Creation tool (Makecert.exe). Type the following command at the command prompt: makecert -sv testCert.pvk testCert.cer   Create a test SPC certificate by using the Software Publisher Certificate Test tool (Cert2spc.exe). Type the following command at the command prompt: cert2spc testCert.cer testCert.spc   Sign the required component or assembly by using the File Signing tool (Signcode.exe). Type the following command at the command prompt: signcode /spc testCert.spc /v testCert.pvk -$ commercial test.exe 

You receive the error that is described in the &quot;Symptoms&quot; section of this article.

Note:
 * The Certificate Creation tool (Makecert.exe) generates X.509 certificates for testing purposes only. This tool creates a public and private key pair for digital signatures, and then stores it in a certificate file.
 * The Software Publisher Certificate Test tool (Cert2spc.exe) creates a software publisher certificate from one or more X.509 certificates for test purposes only.

<div class="references_section">