@Takashi Thanks for this hint. Do I understand correctly, a missing extendedKeyUsage codeSigning declaration in my certificate makes it unusable for module signing?