PVK2PFX Error 0x80070490 - Cannot find certificates that match the key
Problem description
We got our new certificate (*.cer) file from Thawte, and I went through our standard procedures to allow it for use with code signing.
If I use our old (working) certificate:
Convert the certificate (*.cer) into a Software Publishing Certificate (*.spc):
>Cert2Spc.exe Avatar.cer Avatar.spc
Succeeded
Combine our private key file (*.pvk) with the SPC into a PFX:
>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -f
When prompted for the private key file password, enter the password and click "OK".
And we're good to go; ready to use signtool.
We now have our new certificate, and I follow the same procedure:
Convert the certificate (*.cer) into a Software Publishing Certificate (*.spc):
>Cert2Spc.exe Avatar.cer Avatar.spc
Succeeded
Combine our private key file (*.pvk) with the SPC into a PFX:
>pvk2pfx.exe -pvk Avatar.pvk -spc Avatar.spc -pfx Avatar.pfx -f
When prompted for the private key file password, enter the password and click "OK".
ERROR: Cannot find certificates that match the key.
(Error Code = 0x80070490).
What's wrong?
Notes:
- we've used the same private key file (*.pvk) for a decade
- this year Thawte gave us a 2-year certificate; rather than the usual 1-year
- this year Thawte changed their signing certificate from Thawte Code Signing CA to Thawte Code Signing CA - G2
- Google says that nobody has ever gotten the error Cannot find certificates to match the key.
The Windows SDK only contains two references to the error code 0x80070490:
- the Visual Foxpro Windows header file (vfwmsgs.h):
//
// MessageId: E_PROP_ID_UNSUPPORTED
//
// MessageText:
//
// The specified property ID is not supported for the specified property set.%0
//
#define E_PROP_ID_UNSUPPORTED ((HRESULT)0x80070490L)
Which is almost certainly a red herring; Foxpro?
- commented out code in the RSS screensaver sample (RssItem.cs)
// "Element not found. (Exception from HRESULT: 0x80070490)"
Also almost certainly a red-herring; XML?
Recommended answer
Turns out that this year we were given a new private key.
Well, you're not given a private key, the certificate+key is fetched through the browser and stored in a certificate store. From there we can export a .PFX (A pfx contains a certificate and a private key).
With this PFX exported from the browser's certificate store, we can use it directly to sign code with signtool.
Note: We were actually gluttons for punishment, and went through steps:
+--[.pfx]---+     +--[.cer]---+     +--[.spc]---+            +--[.pfx]---+
|Certificate|====>|Certificate|====>|Software   |=========>  |Certificate|
|     +     |     +-----------+     |Publishing |            |     +     |
|Private Key|==+        +           |Certificate|   +=====>  |Private Key|
+-----------+  |                    +-----------+   |        +-----------+
               |                                    |
               |                                    |
               |  +--[.pem]---+     +--[.pvk]---+   |
               +=>|Private Key| ==> |Private Key|===+
                  +-----------+     +-----------+
But all that route gave us was a private key file (*.pvk) that wasn't protected with a password; so signtool could run without user interaction.
But the answer to this question was: The private key doesn't match the certificate.
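A check for the mismatch identified above, as an added example that is not part of the original question or answer: it compares the public key embedded in a certificate with the public key derived from a private key, and can also tell whether an old and a new certificate were issued for the same key pair. It assumes the OpenSSL command-line tool is installed and that the private key is available as PEM (the .pem stage in the diagram above); the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.

# Print a certificate's public key (SubjectPublicKeyInfo, PEM).
# A .cer file may be PEM or DER encoded, so try both.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public key derived from a PEM private key.
key_pubkey() {
    openssl pkey -in "$1" -pubout
}

# key_matches_cert <cert> <key.pem>
# Returns 0 if the key belongs to the certificate, 1 if not, 2 on read error.
key_matches_cert() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# certs_share_key <old cert> <new cert>
# Returns 0 if both certificates were issued for the same key pair,
# i.e. a private key that worked with the old one still fits the new one.
certs_share_key() {
    a=$(cert_pubkey "$1") || return 2
    b=$(cert_pubkey "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample data: two throwaway self-signed certificates, each
# with its own unencrypted key, written into directory $1.
make_samples() {
    for n in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed-$n" \
            -keyout "$1/$n.key.pem" -out "$1/$n.cer" 2>/dev/null || return 2
    done
}

# Command-line use: sh check.sh <certificate> <private-key.pem>
if [ "$#" -eq 2 ]; then
    if key_matches_cert "$1" "$2"; then echo "key matches certificate"
    else echo "MISMATCH: key does not belong to this certificate"; exit 1; fi
fi
```

Running the certificate comparison on last year's and this year's .cer files before attempting the merge shows whether the old private key can still be used.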