我有一个用于签署代码的 DigiCert EV 代码签名令牌。当我signtool从用户 shell 运行时,一切正常。但是,当我signtool从系统服务运行时,它会失败。
我尝试的最后一件事是“模拟”用户外壳,方法是:
$username = "USER"
$password = "PASS"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Invoke-Command -ComputerName "MYPC" -Credential $credential -ScriptBlock { signtool ... }
但这失败了,因为它没有找到私钥......
The following certificates were considered:
Issued to: MY Company
Issued by: DigiCert EV Code Signing CA (SHA2)
Expires: Wed Mar 25 15:00:00 2021
SHA1 hash: 1276675218A89930DD687B82559E27D0F5F89999
After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Private Key filter, 0 certs were left.
SignTool Error: No certificates were found that met all the given criteria.
有什么想法可以在这里进行吗?
似乎“远程用户”没有访问私钥的权限。