We’ve setup Microsoft Trusted Signing.
It works fine for .exe executables and .ps1.
However, we have 2 problems when signing Office Documents:
*.dotm files signtool.exe says that the file has successfully been signed, however, the file has not changed and is not signed.
*.xlsm files signtool.exe says that the file type is unknown..
We use
- version 10.0.26100.1 (32-Bit) of signtool.exe from the latest Windows 11 SDK.(also tried other SDK versions without success)
- version 1.0.60 of Microsoft Trusted Signing Client
- OfficeSips version 16.0.16507.43425 and have registered msosip.dll and msosipx.dll
- Latest available version of vcredist_x86.exe
We use the following Command line for signing
"c:\program files (x86)\Windows Kits\10\bin\10.0.26100.0\x86\signtool.exe" sign /v /debug /fd SHA256 /tr http://timestamp.acs.microsoft.com /td SHA256 /dlib "S:\Source\Tools\Signtool\Microsoft.Trusted.Signing.Client.1.0.60\bin\x86\Azure.CodeSigning.Dlib.dll" /dmdf "S:\Source\Tools\SignTool\AzureLogin.json" "s:\ppdoc.dotm"
Result when signing .docm Files:
- Submitting digest for signing...
- OperationId 0e079232-ef25-497f-9abe-c9dac57f8953: InProgress
- Signing completed with status 'Succeeded' in 3.8591653s
Result when signing .xlsm files:
- Error information: "Error: SignerSign() failed." (-2147220493/0x800403f3)
- STDERR: SignTool Error: An unexpected internal error has occurred.
- (But on some computers there is the message of unknown file type) Can anybody help?