SSLcom / esigner-codesign

GitHub Action for CodeSigner by SSL.com

provide demo certificate authority file (CAfile) #8

Closed adrelanos closed 1 year ago

adrelanos commented 1 year ago

Could you please provide your demo certificate authority file (CAfile)? What I mean by that... For CI testing, I attempted to verify my hello_signed.exe using osslsigncode.

osslsigncode verify -in hello.exe_signed

It failed [1] because the system doesn't know which CA signed the file since it's just a demo and not in the operating system's root CA store.

If the CAfile was provided, that would help with CI testing.


[1]

Current PE checksum   : 00000000
Calculated PE checksum: 00019133

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 5B7DA110C0EE4C6C4A3D20EE4A7A91895EA8672FA535F5E5DDCF05DAB1AC908D 
Calculated message digest : 5B7DA110C0EE4C6C4A3D20EE4A7A91895EA8672FA535F5E5DDCF05DAB1AC908D 

Signer's certificate:
    Signer #0:
        Subject: /C=US/ST=Texas/L=Houston/O=Esigner LLC/OU=Cloud Signing Demo/serialNumber=0123456789/CN=Esigner LLC/businessCategory=Private Organization/jurisdictionC=US
        Issuer : /C=US/ST=Texas/L=Houston/O=SSL Corp/CN=SSL.com EV Code Signing Intermediate CA RSA R2
        Serial : 759CAA9F55A36E9EA319D8D02ADD675D
        Certificate expiration date:
            notBefore : Jun 29 17:00:31 2023 GMT
            notAfter : Jun 28 17:00:31 2025 GMT

Number of certificates: 3
    Signer #0:
        Subject: /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority RSA R2 - Development
        Issuer : /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority RSA R2 - Development
        Serial : 688EA2BE080BFBEE
        Certificate expiration date:
            notBefore : Jan 16 12:16:36 2018 GMT
            notAfter : Jan 15 12:16:36 2043 GMT
    ------------------
    Signer #1:
        Subject: /C=US/ST=Texas/L=Houston/O=Esigner LLC/OU=Cloud Signing Demo/serialNumber=0123456789/CN=Esigner LLC/businessCategory=Private Organization/jurisdictionC=US
        Issuer : /C=US/ST=Texas/L=Houston/O=SSL Corp/CN=SSL.com EV Code Signing Intermediate CA RSA R2
        Serial : 759CAA9F55A36E9EA319D8D02ADD675D
        Certificate expiration date:
            notBefore : Jun 29 17:00:31 2023 GMT
            notAfter : Jun 28 17:00:31 2025 GMT
    ------------------
    Signer #2:
        Subject: /C=US/ST=Texas/L=Houston/O=SSL Corp/CN=SSL.com EV Code Signing Intermediate CA RSA R2
        Issuer : /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority RSA R2 - Development
        Serial : 66145E2FFC742AC4
        Certificate expiration date:
            notBefore : Jan 16 12:20:51 2018 GMT
            notAfter : Jan 16 12:20:51 2033 GMT

Authenticated attributes:
    Message digest algorithm: SHA256
    Message digest: 7A6DF73D356E1581661C9FFF71C6D8331609C453A70E62FA4D4493902A2AD756 
    Signing time: N/A
    Microsoft Individual Code Signing purpose
    URL description: 

The signature is timestamped: Jul 31 18:47:22 2023 GMT
Hash Algorithm: sha256
Timestamp Verified by:
        Issuer : /C=US/ST=Texas/L=Houston/O=SSL Corp/CN=SSL.com Timestamping Issuing RSA CA R1
        Serial : 1AD608A7D634B5CDDE97CBA3CCF0D04B

CAfile: /etc/ssl/certs/ca-certificates.crt
TSA's certificates file: /etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl-dev.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R2.crl
TSA's CRL distribution point: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl

Timestamp Server Signature verification: ok
Signature verification time: Jul 31 18:47:22 2023 GMT

PKCS7_verify error
408987A924780000:error:10800075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:295:Verify error: self-signed certificate in certificate chain
Signature verification: failed

Number of verified signatures: 1
Failed

bayrakmustafa commented 1 year ago

@adrelanos

osslsigncode verify -in hello_signed.exe -CAfile SSLcom-DEV.crt

After giving the CA file with the above command, it validated. I am attaching the CA file.

SSLcom-DEV.crt.zip
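
Added example, not part of the issue thread or the project's code: a Python helper that reads `osslsigncode verify` output like the one quoted in the issue and names the self-issued certificate at the top of the embedded chain, which is the root the `-CAfile` bundle has to contain. The sample is constructed from the quoted output (trimmed, subjects shortened to O and CN), and the function names are hypothetical.

```python
import re

# Constructed sample: the verify output quoted in the issue, trimmed to the
# lines the parser reads, with subject names shortened to O and CN.
ROOT = "/O=SSL Corporation/CN=SSL.com EV Root Certification Authority RSA R2 - Development"
INTER = "/O=SSL Corp/CN=SSL.com EV Code Signing Intermediate CA RSA R2"
LEAF = "/O=Esigner LLC/CN=Esigner LLC"
SAMPLE = f"""Signer's certificate:
        Subject: {LEAF}
        Issuer : {INTER}
Number of certificates: 3
        Subject: {ROOT}
        Issuer : {ROOT}
        Subject: {LEAF}
        Issuer : {INTER}
        Subject: {INTER}
        Issuer : {ROOT}
CAfile: /etc/ssl/certs/ca-certificates.crt
Timestamp Server Signature verification: ok
Signature verification: failed
"""

PAIR = re.compile(r"Subject: (.+)\n\s*Issuer : (.+)")

def chain_to_root(output):
    """Follow issuer links from the signer's certificate; subjects, leaf first."""
    signer, _, embedded = output.partition("Number of certificates:")
    leaf = PAIR.search(signer)
    issuer_of = {s.strip(): i.strip() for s, i in PAIR.findall(embedded)}
    path, cur = [], leaf.group(1).strip() if leaf else None
    while cur in issuer_of and cur not in path:
        path.append(cur)
        cur = issuer_of[cur]
    return path, cur  # cur is the issuer named by the last certificate in path

def diagnose(output):
    path, next_issuer = chain_to_root(output)
    cafile = re.search(r"^CAfile: (.+)$", output, re.M)
    return {
        # Anchor at line start: the timestamp line also ends in "verification: ok".
        "verified": bool(re.search(r"^Signature verification: ok", output, re.M)),
        "cafile": cafile.group(1) if cafile else None,
        "chain": path,
        # Self-issued top of chain = the root that -CAfile has to contain.
        "trust_anchor": path[-1] if path and next_issuer == path[-1] else None,
    }
```

A development root such as this one fits in a bundle passed with `-CAfile` inside the test job, rather than in the CI runner's system trust store.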

adrelanos commented 1 year ago

Thank you so much!