Dear experts,
I have a VSIX extension that installs and works fine in VS2017-19. However, in the installer wizard window the Digital Signature line is "none". I decided to try to sign it with a self-signed certificate. I generated a self-signed certificate with Powershell New-SelfSignedCertificate commandlet. After that, I used VsixSignTool like that:
vsixsigntool sign /v /f Unicomsi.pfx /p <password> /fd sha256 MyVSIX.vsix
The VsixSignTool output upon completion was:
The following certificate was selected:
Issued to :
www.unicomsi.com
Issued by :
www.unicomsi.com
From : Wed Sep 18 10:55:49 2019
Expiry : Fri Sep 18 11:15:49 2020
Sign Method: RSA/SHA256
SHA1 hash : ac ae 6b af 26 e0 89 ef ac d4 ef cb c7 e0 6f 26
06 1d 69 b8
VsixSignTool Success: Package "PurifyPlusVSIX.vsix" was signed successfully.
Number of files successfully Signed: 1
Number of errors: 0
So far so good. Now, when I start MyVSIX.vsix, the installation wizard comes up and in the Digital Signature line I see the following: "Invalid Certificate". This is more troublesome than "none".
I have the following questions:
1. Is it possible to sign a VSIX installer with a sefl-signed certificate?
2. If certificate is not valid, why vsixsigntool reports success? This is very confusing.
3. Is there a way to diagnose VSIX digital signature and find more details on what makes a certificate invalid?
Thank you,
Victor