The PowerShell script that's worked for 2 years to find a signing certificate, stopped working

LainRobertson 

I've been making several changes to the PS script to make it work. It still isn't. Here's what I've currently got for trying to sign the .exe and .dll files produced during the build:

Get-AuthenticodeSignature *.exe,*.dll | ? Status -eq NotSigned | % Path | %{&$signtool sign /debug /tr $timestamp /td sha384 /fd /sha1 $hash $_ }

And here's the error that I'm now getting:

##[error]SignTool Error: The specified algorithm cannot be used or is invalid 

 I do not know what algorithm should be used with the /td and /fd switches. And I'm still unsure if I should include /sha1 or not. Working with a colleague we looked at the properties of the new certificate and saw this:

• Signature algorithm: SHA384RSA
• Signature hash algorithm: SHA384
• Thumbprint algorithm: SHA1

Using those what does it tell you I should be using for /td and /fd. And do I still need to use /SHA1?