Ask a Question

How to disable prompt for "Please insert a smart card." during batch Extended Validation (EV) Code Signing

Problem

When attempting to sign code a prompt to insert a smart card is presented. The prompt can be ignored by clicking the Cancel button and that will allow the code to be signed successfully. This behavior can be a nuisance especially when trying to achieve automated batch signing.

Solution

To bypass the prompt for smart card, update the signtool command to force which publisher certificate to use. This can be achieved by using the /SHA1 prefix.

To find your thumbprint, view the certificate, click on the details tab and scroll down to the thumbprint field.

For example:

Signtool.exe sign /s MY /SHA1 3V4D8F7538EE983C278925C1C5AD18C8833AG79 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /v "c:\path-to-file-for-signing\file.dll"


Important: Symantec recommends customers must leverage SHA256 Timestamping service going forward, and should not use a SHA1 service unless there is a legacy platform constraint which doesn’t allow use of SHA2 service.

For more information on how to sign with your Extended Validation (EV) Code Signing certificate, click here