I have an IIS server setup to do code signing. The client sends the file to the server; the server calls Microsoft's signtool.exe, signs the file and sends it back to the client. This process works well with a standard code signing certificate.
I just purchased a Symantec EV certificate which comes on a USB token. I'm trying to get it working with the same setup, but signtool.exe returns the error "SignTool Error: No certificates were found that met all the given criteria.". I suspect this is an issue with IIS not being able to interact properly with the USB token device.
If i run signtool.exe from the command-line, everything works fine. It just doesn't work when run via IIS. Is there any IIS configuration/permissions I'm missing?
I'm using Windows Server 2012 and IIS 8.5.
Thanks.