0

I am using signtool.exe to sing my msi output through a proj file in Jenkins. My command to sign the msi is, "C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin\signtool.exe" sign /f "C:\Build\SignCertificate.cer" /csp "Microsoft Enhanced Cryptographic Provider v1.0" /k privatekeycontainer /t "http://timestamp.verisign.com/scripts/timstamp.dll" "..\Release\output.msi" . The pfx file is added in certificate store.

Whenever i execute it through command prompt it get pass and the msi get signed. But if i try through Jenkins then it fails. Please help me what is wrong.

кคгtђเςк ĞŔĶ
  • 213
  • 4
  • 16

3 Answers3

1

My problem was solved. The pfx is not imported with the private key properly. Now the leaf tells that it has a private key. So the problem is with the pfx file.

кคгtђเςк ĞŔĶ
  • 213
  • 4
  • 16
1

Import sertificate to Machine Store instead of User store. Steps described here http://www.dartmouth.edu/~deploypki/materials/web_authn/pages/IISonXP_AddingTrustedCACertToComputer.htm

Rytis I
  • 1,105
  • 8
  • 19
0

Try these steps:

  1. Create a user 'Jenkins' as and Administrators group member
  2. Run the Jenkins service as the user 'Jenkins'
  3. log in as Jenkins user and install the certificate in the user store.
  4. Run it through Jenkins

Also, take a look at this link which is very similar to your question: SignTool Error: ISignedCode::Sign returned error: 0x80092006

Community
  • 1
  • 1
SoftwareCarpenter
  • 3,835
  • 3
  • 25
  • 37
  • Currently my user is in Administrator group only. But Jenkins service is run as local user. – кคгtђเςк ĞŔĶ Apr 23 '13 at 11:21
  • That error message indicates a permission issue. Elevate the Jenkins service account by creating the Jenkins admin user. Also, ensure that the Jenkins service user installs the certificate so that it will be able to find it. https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins+as+a+Windows+service hope this helps. – SoftwareCarpenter Apr 23 '13 at 16:53