5

I had created a build definition to build a desktop application online on visualstudio.com which fail at task Build Solution (Visual Studio build) with following error,

[error]C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\MSBuild\15.0\Bin\Microsoft.Common.CurrentVersion.targets(3156,5): Error MSB3325: Cannot import the following key file: Sixmod5Certificate.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_3B2BCC84AE4E26F1

I followed solution specified at, https://developercommunity.visualstudio.com/content/problem/156086/vsts-build-msb3325-cannot-import-the-following-key.html

then as specified at, https://stackoverflow.com/a/48698229/3531672 I had added a powershell script task before build task, as follows,

[CmdletBinding()]
param(  
    [Parameter(Mandatory)][string] $pfxpath,
    [Parameter(Mandatory)][string] $password
)

Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()

but no luck yet,

There are different SO post similar to this specifying solution to build from Admin user, or installing pfx certificate manually, but as they are related to personal computer and I am trying to configure Continuous integration on visualstudio.com, they don't seem useful to me.

Please note I am able to successfully build on my local machine.

If you wish to regenerate this problem at your end, follow these steps,

STEP 1: Create a new VSTO Addin Project (Any Excel/Word/Powerpoint).

STEP 2: Attach this to VSTS.

STEP 3: In signing tab of Application properties, instead of using temperory certificate, create a new password protected certificate (PFX - Personal Information Exchange in my case) and use this to sign ClickOnce Manifest

STEP 4: Try to build on local machine, it will succeed.

STEP 5: Push it over and try to build on VSTS, you will get the same error as above.

Aniket Bhansali
  • 630
  • 12
  • 33
  • What's the build detail build logs if you use the way as starain mentions (https://stackoverflow.com/questions/48692240/vsts-online-build-solution-with-clickonce-signing-pfx-password/48698229#48698229)? And what's the agent machine did you use, hosted or private? – Marina Liu Apr 30 '18 at 08:37
  • I am using Hosted machine and I had created Powershell script for Starain's script and added a task to execute before Build task, but getting same error, Is it something to do with Account permissions or such configurations if any? cz I am new to VSTS. – Aniket Bhansali Apr 30 '18 at 09:30
  • 1
    The script can be execute on Hosted agent. Can you show the detail build log and the powershell script? – Marina Liu Apr 30 '18 at 09:41
  • Here is the link for debug logs, https://drive.google.com/drive/folders/1Mco8xaTERncs-W-DzDgNnhNICxOhRWzn?usp=sharing and I had updated question with powershell script. – Aniket Bhansali Apr 30 '18 at 14:46
  • It seems there are more than one project in your solution file. Does both of the projects are desktop app? And do you want to build both of the projects? Or can you share an example code (without signing) in one drive which can reproduce the same error message. – Marina Liu May 01 '18 at 09:20
  • Yes, there are multiple projects, four are Office plugins and couple of them are desktop app, and yes need to build them all, and really sorry but can't share code along with you. – Aniket Bhansali May 01 '18 at 10:00
  • But I can build succeed with the method to build desktop app and addin app (build log is here https://1drv.ms/t/s!ApIKkY1MTjMRhDNq2uRt9tMaR19e). – Marina Liu May 02 '18 at 06:18
  • Yes build should succeed with desktop app and addin app altogether in one solution, but its with PFX file, something that going wrong and as I said, its all working on my local machine. – Aniket Bhansali May 02 '18 at 09:55
  • 1
    The PFX file need to be installed to the Strong Name CSP, I am afraid that you need to setup a private build agent with that PFX file installed (sn -i). – starian chen-MSFT May 08 '18 at 06:53
  • @starianchen-MSFT Isn't there any alternate way, I am trying to run sn on VSTS also, but failing at the setup, where we enter the password, 2018-05-04T10:45:27.4239075Z Enter the password for the PKCS#12 key file: 2018-05-04T10:45:27.4239532Z Could not read password for PKCS#12 blob in D:\a\1\s\Sixmod5PFX\Sixmod5Certificate.pfx -- Console input may not be redirected for password entry. – Aniket Bhansali May 08 '18 at 09:46
  • Not found the better way, to install pfx file, you need to install it by calling `sn -i` command manually. – starian chen-MSFT May 09 '18 at 04:16
  • I tried a lot different, but failed at all, so tried the way you suggested, and created a cmd file with following script C: cd C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\ sn -i "%1\Sixmod5PFX\Sixmod5Certificate.pfx" VS_KEY_BD774ABB8BB29878 but no success, getting error mentioned in trailing comment, i.e. could not read password – Aniket Bhansali May 09 '18 at 12:22
  • I am also having same issue in Azure DevOps... – Ziggler May 28 '19 at 18:21

1 Answers1

2

I unchecked the "Sign the assembly" checkbox from the "project properties -> Signing" page and everything worked like a charm. The build was signed successfully through VSTS. Somehow I missed this solution provided in many SO threads related to the problem.

Bhargav Rao
  • 50,140
  • 28
  • 121
  • 140
Jabez
  • 795
  • 9
  • 18