I am using the script on windows 10 with git bash.
I assigned the paths to the 2 external tools correctly and also assigned the path to the cert.
For some reason no matter which setup i scan every exe will be reported with an "digital signature error".

Is this known ?
Which informations do you need to reproduce this issue ?

Known is that someone else who used Git BASH had signature errors, too. He is now using Cygwin instead: #3

The problem probably boils down to how to provide the Windows version of osslsigncode with compatible certificate bundles. Judging by their README, it requires you to specify files that osslsigncode is explicitly built against. At first glance, the Git BASH ca-bundle.trust.crt file seems incompatible.

Unless someone else who has done it before chimes in: IMO the quickest solution for Windows 10, if WSL is not an option, is to use Cygwin (see #3).

Perhaps it could work by using this file: certfile=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

It is confirmed that the above file works on Windows 11, using the latest release of osslsigncode.exe.
The updated script contains the new file suggestion for Git Bash.

Let me know if, against expectation, the errors persist on Windows 10.

You can now generate a certfile with the "makecertfile" script: https://github.com/hippie68/gogcheck/blob/master/makecertfile. It should solve any problems caused by using wrong bundle files.