Knowledge Base - Failed to Sign Package! 

Problem

You are trying to publish third party patches using Patch Connect Plus and you get an error "Failed to Sign Package".

Cause

You might get this due to one of the following reasons:

1. There is no signing certificate
2. Signing Certificate is not imported to "Trusted Publishers" and "Third Party Root Certification Authorities" Stores
3. Certificate might be invalid due to chain validation failure
4. Certificate key length is not 2048 bits

Resolution

1. Ensure that you either import a third party certificate or create a self-signed certificate.
2. Import the signing certificate to "Trusted Publishers" and "Trusted Root Certification Authorities" Stores in machines where Patch Connect Plus and WSUS are installed.
3. If the certificate is not a root certificate, then you should ensure that you have uploaded all the intermediate certificates to avoid chain validation issue. 

Steps to import the signing certificate into 'Trusted store'

1. Execute mmc.exe from the run command to open 'Certificates' store



2. Add 'Certificates' snap-in and select Computer Account





3. Right click 'Trusted Root Certification Authorities' > All tasks > Import



4. Certificate import wizard will be opened. Click Next.
   
5. Specify the location where the certificate has been saved. 
   
6. The certificate file will be saved at <PatchConnectPlus dir>\webapps\ROOT\server-data\certificate\signedCertificate.cer.
   
7. After selecting the file click Next.
   
8. Review the import store location and Click Next.
   
9. Review the summary and click Next.
   
10. Certficate has been successfully imported. Click OK.
    

    Note: Similarly ensure that you import the signing certificate to Trusted Publishers certificate store by following the steps given above.

In case if this problem continues, kindly Contact Support

Keywords: Third-party patch management, publish Patches