SignTool Error: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider

Question:
When I try to verify I signed my code correctly, SignTool reports the following error:

SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Answer:
This is because of the “verify” command you may have run: signtool verify myfile.exe. If you run this command, signtool will use the Windows Driver Verification Policy. In order for your file to “verify” properly you need to include the /pa switch, so that SignTool uses the Default Authentication Verification Policy.

Example:
signtool verify /pa myfile.exe

* Sign Tool (SignTool.exe) (MSDN.Microsoft.com)

Codesign – SignTool Error:

SignTool Error: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider

Related Articles

FAQ – CodeSign