Invalid provider type specified error in code sign

2019-07-02 17:00发布

问题:

I brought a code signing certificate from GoDaddy generated a .pfx file from it. But when I use this file to code sign the clickonce manifest of my outlook vsto application I get this error in visual studio

An error occurred while signing: Invalid provider type specified. 

What could be the problem here? Thanks.

回答1:

The signing identity stored in the .pfx container are most likely older "Cryptographic Service Providers" (CSP) style. The environment you are using to sign your package looks like required "Cryptography API: Next Generation" (CNG) provider type. The solution would be to convert your existing container to use CNG Storage Provider. This should be done by the following steps ...

  • Import the PFX into your personal store
  • Export the public key from the store by going through export wizard
  • Export the private key using OpenSSL into .pem format

    openssl.exe pkcs12 -in <original pfx file>.pfx -nocerts -out <pem file location>.pem
    
  • Convert to PVK

    pvk.exe -in <pem file location>.pem -topvk -strong -out <pvk file location>.pvk
    
  • Merge the Public and Private keys

    pvk2pfx.exe -pvk <pvk file location>.pvk -pi <pvk password> -spc <pvk file location>.cer -pfx <new pfx file location>.pfx -po <pfx password>
    

Now you can import the newly created pfx file into the Certificate Manager. Make sure you remove the old certificate first from the Certificate Manager. Once the certificate is in place you can use certutil again to validate if the certificate is now correct.

If it now shows the provider as "Microsoft Strong Cryptographic Provider" you know the operation has been successful.

The credits goes to Remy's Blog, where you may find the full explanation on the issue with examples and verification steps... Converting Certificate to use CSP Storage Provider in stead of CNG Storage Provider.