ArunkumarA
New Member

How to sign the .pqx file using a Hardware Token model through the makepqx command?

Hi Team,

According to the makepqx signing documentation, we can sign the .pqx file using a physical .pfx certificate. As you are aware of FIPS 140-2 compliance, we can no longer purchase .pfx certificates, and they will now be provided by an HSM or USB Token model. Consequently, we cannot pass the .pfx certificate to the makepqx command. Please let us know the procedure for signing using the hardware token model.

If using signtool.exe is an option, please provide an example of how to sign the .pqx file.

Power Query Connector Signing Document
https://learn.microsoft.com/en-us/power-query/handling-connector-signing

1 ACCEPTED SOLUTION

Hello,

 

Please try the following:

1. Export the public portion of the signing certificate from your USB token and keep a copy of it in a working directory.

2. Install it into your local certificate store. (It should show that you have the private key associated with this certificate)

 

.\MakePQX.exe sign "c:\directory\something.pqx" --certificate "c:\directory\exportedusbcert.cer"

 

If you have your USB inserted and are logged in, it should work.


4 REPLIES 4
ArunkumarA
New Member

Hi @v-junyant-msft, thank you for your kind response. We tried the above command to sign, but we received the error below:

SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: Cloud.pqx


Kindly refer to the attached image and help us resolve the issue.

pqx-signing-error.png

 

Thanks & Regards,

ArunkumarA.



Hi Team, can anyone help me fix the above signing problem? We have currently updated to a hardware token model system to sign the package and are not able to sign with the makepqx command.

Thank you,

ArunkumarA.

v-junyant-msft
Community Support

Hi @ArunkumarA ,

You can try to follow the steps below:
1. Identify the CSP and Key Container Name: Before signing, you need to identify the Cryptographic Service Provider (CSP) and the key container name used by your hardware token. This information is usually provided by the token vendor or can be found in the token management software.
2. Use SignTool with CSP and Key Container: Once you have the CSP and key container name, you can use the signtool.exe command with the /csp and /k options to specify them.
For example:

signtool sign /csp "YourCSPName" /k "YourKeyContainerName" /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /v YourPQXFile.pqx

3. Verify the Signature: After signing, it's a good practice to verify the signature to ensure everything is in order:

signtool verify /pa /v YourPQXFile.pqx

 

Best Regards,
Dino Tao
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.
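
Added example, not part of any reply in this thread: both answers depend on Windows linking the token's certificate to its private key, and the signtool answer also needs the CSP and key container name. This PowerShell sketch reports those for each code-signing certificate; it assumes the certificate was installed in the CurrentUser\My store and that certutil prints English labels, and the function name is hypothetical.

```powershell
# Added example (not from the thread). Reports, for every code-signing
# certificate in CurrentUser\My, whether Windows sees a private key and which
# provider / key container certutil associates with it.
# Assumptions: certificate installed in CurrentUser\My; English certutil output.

function Get-TokenSigningCertInfo {   # hypothetical helper name
    Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | ForEach-Object {
        $cert = $_

        # certutil prints "Provider = ..." and "Key Container = ..." for a
        # certificate that is linked to a key.
        $dump = & certutil.exe -user -store My $cert.Thumbprint 2>&1 | Out-String

        $provider  = if ($dump -match '(?m)^\s*Provider\s*=\s*(.+?)\s*$')      { $Matches[1] } else { $null }
        $container = if ($dump -match '(?m)^\s*Key Container\s*=\s*(.+?)\s*$') { $Matches[1] } else { $null }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey
            Expired       = $cert.NotAfter -lt (Get-Date)
            Provider      = $provider      # value for signtool /csp
            KeyContainer  = $container     # value for signtool /k
        }
    }
}

$found = @(Get-TokenSigningCertInfo)

if ($found.Count -eq 0) {
    Write-Warning 'No code-signing certificate found in CurrentUser\My.'
}

foreach ($c in $found) {
    if (-not $c.HasPrivateKey) {
        # A public-only import cannot sign: insert the token and reinstall
        # the certificate so the store entry is linked to the key.
        Write-Warning "No private key linked to $($c.Thumbprint)"
    }
    if ($c.Expired) {
        Write-Warning "Certificate $($c.Thumbprint) has expired"
    }
}

$found | Format-List
```

Run it with the token inserted and the vendor middleware running; a certificate showing `HasPrivateKey : False` is one that neither MakePQX nor signtool will be able to sign with.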
