Its bit of learning ride so far so not sure if I have got full understanding of the subject. I will give it a try to explain the problem: I need to sign a EXE file using the code signing certificate which was requested using YubiKey CSR. Since I have got the certificate and the private key is only present on the Yubikey device (attached to my laptop), I am trying to use the below command to sign the EXE after installing the certificate under my certificate store on Windows 10 laptop. signtool sign /fd SHA256 "Installer.exe"
It did sign however not using the certificate but with some certificate with CN = SecurityDepartment.
I am not sure what exactly the command should be to use the certificate I bought to sign using the HSM key token.
Thanks in advance for any help!
You should explicitly specify the certificate you want to sign with via its thumbprint by using the /sha1 switch. You can get the thumbprint by double clicking on the certificate in your certificate store, clicking on Details, then scroll down to the Thumbprint value.