I'm attempting to sign an EXE file on Linux.
First, I followed this article to store my certificate into a YubiKey.
Then, I concatinated my certificate file, intermediate CA file and root certification files into one
cat my_certificate.crt SSL_COM_CODE_SIGNING_INTERMEDIATE_CA_RSA_R1.crt SSL_COM_ROOT_CERTIFICATION_AUTHORITY_RSA.crt > all.crt
Then, ran jsign.
jsign --storetype YUBIKEY --storepass 123456 --certfile all.crt unsigned.exe
However, it failed with messages below.
Adding Authenticode signature to unsigned.exe
jsign: Couldn't sign unsigned.exe
java.security.SignatureException: Signature verification failed, the private key doesn't match the certificate
Could you help identify what is wrong?
Your cert chain doesn't match the YubiKey's private key. Export the matching cert from YubiKey and retry.