Hi Team,
According to the makepqx signing documentation, we can sign the .pqx file using a physical .pfx certificate. As you are aware, under FIPS 140-2 compliance we can no longer purchase .pfx certificates, and they will now be provided by an HSM or USB token model. Consequently, we cannot pass the .pfx certificate to the makepqx command. Please let us know the procedure for signing using the hardware token model.
If using signtool.exe is an option, please provide an example of how to sign the .pqx file.
Power Query Connector Signing Document
https://learn.microsoft.com/en-us/power-query/handling-connector-signing
Hello,
Please try the following:
1. Export the public portion of the signing certificate from your USB token and keep a copy of it in a working directory.
2. Install it into your local certificate store. (It should show that you have the private key associated with this certificate)
.\MakePQX.exe sign "c:\directory\something.pqx" --certificate "c:\directory\exportedusbcert.cer"
If you have your USB token inserted and are logged in, it should work.
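A pre-flight check for the steps above, as an added example that is not part of the original reply or of Microsoft's documentation. It confirms that the exported .cer matches a certificate in a Personal store that Windows links to a private key (the token), then runs the `MakePQX sign` command from the post followed by `MakePQX verify`. The paths are the post's placeholders, and treating a non-zero exit code as failure is an assumption about MakePQX.

```powershell
# Added example (not from the original post). Paths are placeholders.
param(
    [string]$CerPath = 'c:\directory\exportedusbcert.cer',
    [string]$PqxPath = 'c:\directory\something.pqx',
    [string]$MakePqx = '.\MakePQX.exe'
)
$ErrorActionPreference = 'Stop'

# Load the exported public certificate; the thumbprint identifies it in the store.
$cerFull  = (Resolve-Path $CerPath).Path
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerFull

# Step 2 of the post: the same certificate must be installed in a Personal store.
$storeCert = Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $exported.Thumbprint } |
    Select-Object -First 1
if (-not $storeCert) {
    throw "Certificate $($exported.Thumbprint) is not installed in a Personal store."
}

# The store entry must reference a private key. With a hardware token the key
# stays on the device; the store only holds a pointer to the token's provider.
if (-not $storeCert.HasPrivateKey) {
    throw 'No private key is associated with this certificate. Check that the token is inserted and its middleware is running.'
}

# Catch an expired or not-yet-valid certificate before the signing attempt.
$now = Get-Date
if ($now -lt $storeCert.NotBefore -or $now -gt $storeCert.NotAfter) {
    throw "Certificate is outside its validity period ($($storeCert.NotBefore) to $($storeCert.NotAfter))."
}

# Warn if the Code Signing EKU (OID 1.3.6.1.5.5.7.3.3) is absent.
$codeSigning = $storeCert.EnhancedKeyUsageList |
    Where-Object { $_.ObjectId -eq '1.3.6.1.5.5.7.3.3' }
if (-not $codeSigning) {
    Write-Warning 'Certificate does not list the Code Signing enhanced key usage.'
}

# Sign with the public .cer; the token prompts for its PIN if not already logged in.
& $MakePqx sign $PqxPath --certificate $cerFull
if ($LASTEXITCODE -ne 0) { throw "MakePQX sign failed (exit code $LASTEXITCODE)." }

# Print the signature and certificate status recorded in the signed package.
& $MakePqx verify $PqxPath
if ($LASTEXITCODE -ne 0) { throw "MakePQX verify failed (exit code $LASTEXITCODE)." }
```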
Hi @v-junyant-msft, thank you for your kind response. We tried to sign with the above command, but we received the error below:
SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: Cloud.pqx
Kindly refer to the attached image and help us resolve the issue.
Thanks & Regards,
ArunkumarA.
Hi Team, can anyone help me fix the above signing problem? We have currently updated to a hardware token model system to sign the package and are not able to sign with the makepqx command.
Thank you,
ArunkumarA.
Hi @ArunkumarA ,
You can try to follow the steps below:
1. Identify the CSP and Key Container Name: Before signing, you need to identify the Cryptographic Service Provider (CSP) and the key container name used by your hardware token. This information is usually provided by the token vendor or can be found in the token management software.
2. Use SignTool with CSP and Key Container: Once you have the CSP and key container name, you can use the signtool.exe command with the /csp and /k options to specify them.
For example:
signtool sign /csp "YourCSPName" /k "YourKeyContainerName" /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /v YourPQXFile.pqx
3. Verify the Signature: After signing, it's a good practice to verify the signature to ensure everything is in order:
signtool verify /pa /v YourPQXFile.pqx
Best Regards,
Dino Tao
If this post helps, then please consider accepting it as the solution to help other members find it more quickly.