There is an issue related to specifying the signing certificate by serial number. To bypass this, use the SHA1 thumbprint instead to identify the signing certificate by specifying the "--sha1" option rather than the "--serial" option.