Cannot sign Windows .exe on Mac OS using osslsigncode and self-signed cert

:information_source: Attention Topic was automatically imported from the old Question2Answer platform.
:bust_in_silhouette: Asked By keidav

I cannot sign a windows .exe on Mac OS (13.2.1) with osslsigncode. I was failing in the Godot Editor v4.0.1, so I decided to test on the command line. Using osslsigncode v2.3.0 and my mac’s openssl → LibreSSL v3.3.6.

I am not embedding the .pck with the the exported binary.

I have created a self-signed cert and .pfx file as follows:

Generate a private key for the CA

openssl genrsa -out ca.key 4096

GHenerate certificate

openssl req -config config.cnf -new -x509 -days 1826 -key ca.key -out ca.crt

Generate a private key for code signing

openssl genrsa -out codesign.key 4096

Generate a new certificate request (csr) with just a CN.

openssl req -config config.cnf -sha256 -new -key codesign.key -extensions v3_req -out codesign.csr

Create certificates based on the csr

openssl x509 -req -days 1826 -in codesign.csr -CA ca.crt -CAkey ca.key -extfile config.cnf -set_serial 01 -out codesign.crt

Export certificates based on the csr

openssl pkcs12 -export -out codesign.pfx -inkey codesign.key -in codesign.crt -passout pass:<password>

Verify the Password

openssl pkcs12 -in codesign.pfx -noout

Using this command to sign:

osslsigncode sign -pkcs12 codesign.pfx -pass "<password>" -t http://timestamp.digicert.com -in ConversionToollBugs.exe  -out Test.exe

Results in the following error and I am using the correct password:

Failed to parse PKCS#12 file: codesign.pfx (Wrong password?)
40818C0502000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Failed

Any pointers as how to fix this? Thanks in advance!

:bust_in_silhouette: Reply From: keidav

hmmm… don’t use openssl that comes with MacOS… (expletive) Apple!