【发布时间】:2021-08-09 18:12:12
【问题描述】:
我正在尝试签署一个可执行文件。我用来签名的命令行是signtool sign -fd SHA256 -tr http://freetsa.org/tsr -td SHA256。
运行signtool verify -v -pa 声称时间戳格式错误:
SignTool Warning: An error has been found with the timestamp.
CERT_TRUST_STATUS.dwErrorStatus: 0x00000020
CERT_TRUST_STATUS.dwInfoStatus: 0x00000020
SignTool Error: WinVerifyTrust returned error: 0x80096005
The timestamp signature and/or certificate could not be verified or is malformed.
运行 signtool verify -v 声称根证书不受信任:
SignTool Warning: An error has been found with the timestamp.
CERT_TRUST_STATUS.dwErrorStatus: 0x00000020
CERT_TRUST_STATUS.dwInfoStatus: 0x00000020
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
有问题的根证书是:
Issued to: AAA Certificate Services
Issued by: AAA Certificate Services
Expires: Sun Dec 31 16:59:59 2028¹
SHA1 Hash: D1EB23A46D17D68FD92564C2F1F1601764D8E349
¹我不确定为什么要在这个特定时间。如果是当地时间,那就是 2100 UTC。如果它是针对 DST 更正的当地时间,则为 2200。这并不重要。
无论如何,我检查了受信任的证书。实际上,有问题的根证书受到计算机的信任。
怎么了?
【问题讨论】: