SignTool error: Access is denied

I am trying to authenticode sign a .NET application with a new code signing certificat开发者_JAVA技巧e on Windows Server 2008 R2 x64 with VS2010 installed, but SignTool keeps responding with Access is denied:

SignTool.exe sign /v /a /sha1 <thumbprint> MyApplication.exe

The following certificate was selected:
    Issued to: <redacted>
    Issued by: VeriSign Class 3 Code Signing 2010 CA
    Expires:   Thu Jun 28 01:59:59 2012
    SHA1 hash: <thumbprint>

Done Adding Additional Store
SignTool Error: Access is denied.
SignTool Error: An error occurred while attempting to sign: MyApplication.exe

Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1

The certificate is installed to the user's personal store and the user is member of the local Administrators group. I also tried signing using the .pfx file but kept getting the same error. Disabling the UAC prompt showed no effect either.

Any ideas?

I also had this pb to use signtool.exe with windows 8. To resolve, you have to run cmd.exe directly from c:\windows\system32\cmd.exe clicking "Run as administrator".

What solved it for me was realising that my exe was read-only. Removing write-protection allowed SignTool to do its job with no further issues.

(Credit: eselk's comment at SignTool error: Access is denied)

The reason was that private key protection was enabled, but unless running the command prompt as Administrator, the corresponding "An application is requesting access to a protected Item." prompt did not appear.

To resolve the issue, I had to delete certificate and key, and then reimport it from the .pfx file, this time not selecting the strong private key protection option.

I had the same problem, but in my case I was trying to run from the windows service which was running under LocalSystem account. Changing it to regular account solved the issue.