SignTool not working with New-SelfSignedCertificate

[AliveDevil]

SignTool will always get stuck on "After Private Key filter, 0 certs were left..

Output is

After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Subject Name filter, 1 certs were left.
After Private Key filter, 0 certs were left.

Following certificate is not working with SignTool:

New-SelfSignedCertificate -Type CodeSigningCert -CertStoreLocation cert:\LocalMachine\My -Subject "CN=Company Name" -HashAlgorithm SHA256

Following certificate works with SignTool:

MakeCert /a SHA256 /n "CN=Company Name" /r /h 0 /eku "1.3.6.1.5.5.7.3.3" /e 07/09/2020 /ss my -sr localmachine -sky exchange Key.cer

This way SignTool is invoked:

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\signtool.exe" sign /debug /d "Product Name" /fd sha256 /tr http://timestamp.globalsign.com/scripts/timestamp.dll /td sha256 /a /sm /n "Company Name" "A:\bsolute\Path\To\Some\File.ext"

Please clarify CodeSign-usage of New-SelfSignedCertificate with SignTool.

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: b80b6f8a-6227-63cb-391f-bd3324a57251
• Version Independent ID: e3ce9f6c-ae5f-9b4b-2d3b-d709e886c01c
• Content: New-SelfSignedCertificate (pkiclient)
• Content Source: docset/windows/pkiclient/new-selfsignedcertificate.md
• Product: w10
• Technology: powershell-windows
• GitHub Login: @coreyp-at-msft
• Microsoft Alias: coreyp

[o0nj]

@officedocsbot assign @e0i

[o0nj]

@AliveDevil

The issues section of this repository is intended for documentation problems.

Please consider checking any relevant resources and asking the community about your problem via the following link.

PowerShell Community

Also feel free to reply if there is anything else that could be done to improve the document itself.

Thanks.

[o0nj]

@officedocsbot close