xaqmusic1
Level 2 Contributor

Code Signing Certificate not recognized as EV on submission

Hello, community!

We are trying to submit a brand new DigiCert EV code signing certificate at the Partner Center. Unfortunately, we are getting this message:

Error: The code signing certificate you used to sign the file is not an Extended Validation (EV) certificate. Please get an EV certificate from one of the CAs listed on the certificate info page.

This is definitely an EV cert that conforms to the new >3072-bit RSA requirement. The only thing I see different from our older cert is "EV" is not in the CN: DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1

We are trying to make support tickets, but they are getting rejected because somehow they are ending up with the wrong department (???). We were also told to go to http://aka.ms/storesupport, which is getting redirected to developer support. What do we do?

1 ACCEPTED SOLUTION
xaqmusic1
Level 2 Contributor

@v-jillarmour @RachelP @Gwenael I think we finally have a resolution!

So the EV error was a red herring that sent us down the wrong path. It turns out the signing command needed to be updated to support the new cert standard:

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\signtool.exe" sign /fd sha384 /a /n "YourCompany, LLC" /t http://timestamp.digicert.com/scripts/timstamp.dll <myfile>

If sha256 is in the command, the Partner Portal will give the "Not an EV Certificate" error. That message should be updated in the portal to help the next folks with this issue, but we are happy to finally have a resolution.

Thanks for the support, community!
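
Added example, not part of the original thread and not Microsoft or DigiCert tooling: a Python check that reads the file digest algorithm (the value chosen with signtool's /fd option) out of a signed PE's primary Authenticode signature, so a build can confirm it is the sha384 the accepted answer describes before the file is uploaded. It assumes a well-formed PE32/PE32+ file and inspects only the first signature; `authenticode_digest` and `DIGEST_OIDS` are names chosen here.

```python
import struct
import sys

# DER-encoded OID bodies of the digest algorithms signtool's /fd option can select.
DIGEST_OIDS = {
    bytes.fromhex("2b0e03021a"): "sha1",
    bytes.fromhex("608648016503040201"): "sha256",
    bytes.fromhex("608648016503040202"): "sha384",
    bytes.fromhex("608648016503040203"): "sha512",
}

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def authenticode_digest(pe):
    """Name the file digest algorithm of the first Authenticode signature in a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    # Data directories start 96 bytes (PE32) or 112 bytes (PE32+) into the optional header.
    dirs = opt + {0x10B: 96, 0x20B: 112}[struct.unpack_from("<H", pe, opt)[0]]
    offset, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4: certificate table
    if offset == 0 or size == 0:
        return None  # unsigned file
    length, _rev, cert_type = struct.unpack_from("<IHH", pe, offset)  # WIN_CERTIFICATE
    if cert_type != 0x0002:  # WIN_CERT_TYPE_PKCS_SIGNED_DATA
        raise ValueError("unexpected certificate type")
    p7 = pe[offset + 8:offset + length]
    _, pos, _ = _tlv(p7, 0)        # ContentInfo SEQUENCE
    _, _, pos = _tlv(p7, pos)      # contentType OID (signedData), skipped
    _, pos, _ = _tlv(p7, pos)      # [0] EXPLICIT wrapper
    _, pos, _ = _tlv(p7, pos)      # SignedData SEQUENCE
    _, _, pos = _tlv(p7, pos)      # version INTEGER, skipped
    _, pos, _ = _tlv(p7, pos)      # digestAlgorithms SET
    _, pos, _ = _tlv(p7, pos)      # first AlgorithmIdentifier SEQUENCE
    _, start, end = _tlv(p7, pos)  # algorithm OID
    return DIGEST_OIDS.get(bytes(p7[start:end]), "unknown")

if __name__ == "__main__":
    print(authenticode_digest(open(sys.argv[1], "rb").read()))
```

Run it with the path of the signed file as the only argument; it prints the digest name, or None for an unsigned file.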


7 REPLIES 7
v-jillarmour
Community Manager

WONDERFUL!! Thank you so much for circling back with your findings. Much appreciated. I hope it helps the next partner facing this issue. 🌻

Gwenael
Visitor 1

We currently have the same issue with an EV certificate delivered by GlobalSign GCC R45 EV CodeSigning CA 2020

v-jillarmour
Community Manager

@Gwenael Can you share your support ticket number so I can check the status and see what I can do to escalate it? 

RachelP
Moderator

Hi @xaqmusic1,

This is not my area of expertise, but since you were redirected to developer support, were you able to submit the ticket there? I'd imagine they'd be able to clarify why you were redirected to their team.

Just a suggestion.

Regards,

Licensing Concierge

xaqmusic1
Level 2 Contributor

@RachelP

Thank you for your reply! We may have been able to get a ticket with someone who can help us, but that was a week ago and the issue is not resolved. It should be noted that we received these instructions for making the ticket at http://aka.ms/storesupport:

unnamed.png

Unfortunately, this page does not seem to exist!

We are now on our 21st day of not being able to submit a new certificate.

v-jillarmour
Community Manager

@xaqmusic1 Can you provide me with your ticket number so I can check on the status for you?