I'm making a CI build task in PowerShell to sign an assembly and the manifest with signtool and mage.
It works great, except that I have to run PowerShell as Administrator to get mage to accept the certificate. What I find really strange is that signtool can use the same certificate without privileges.
The certificate is a .pfx file.
Script:
signtool sign /f $certPath /p $certPassword /q /t $timestampUri "Example.dll"
mage -s "Example.dll.manifest" -CertFile $certPath -Password $certPassword -ti $timestampUri
Without privileges:
Done Adding Additional Store
Successfully signed and timestamped: Example.dll
Unable to open certificate "D:\example.pfx":
Access denied.
With privileges:
Done Adding Additional Store
Successfully signed and timestamped: Example.dll
Example.dll.manifest successfully signed
Does anyone know what is going on here?
Edit:
I used Procmon as adviced. Log below in CSV Procmon logs