签名时发生错误:无法签名file.exe. SignTool错误:未找到符合所有给定条件的证书 [英] Getting An error occurred while signing: Failed to sign file.exe. SignTool Error: No certificates were found that met all the given criteria
问题描述
好的-这真的很奇怪.我有一个TFS版本,可以对文件进行签名,并且上面显示了消息.如果我查看构建中的日志,它说它已成功签名并打上了我的文件的时间戳(有一个手动调用signtool的.proj文件),但在另一步之后(不确定确切位置)-我认为它位于ClickOnce签名时出现错误.
OK - so this is really odd. I have a TFS build that signs a file and I'm getting the message above. If I look at the log from the build it says that it successfully signed and timestamped my file, (there's a .proj file that manually calls signtool) but below that in a different step (not sure where exactly) - I assume that its in the ClickOnce signing I get the error.
我可以使用与构建使用的参数相同的参数使用Signtool自己对文件进行签名,因此我认为也许我需要导入他的证书,因此我打开了mmc,添加了证书管理单元,并通过了导入向导使用本地计算机来安装它(TFS版本在与我的帐户不同的帐户下运行,并且我不知道该帐户的密码,因此我认为可以在计算机级别安装它).我浏览了该文件,并将其成功导入受信任的根证书颁发机构"(见下文):
I'm able to sign the file myself using Signtool using the same parameters as the build uses so I thought perhaps I needed to import he cert, so I opened mmc, added the certificates snap-in, went through the Import Wizard using Local Machine to install it (the TFS build runs under a different account than mine and I don't know the password for that account so I figured that installing it at a machine level would work). I browsed for the file and imported it successfully in the Trusted Root Certification Authorities (see below):
仍然在构建时出现错误. Signtool是从TFS构建中调用的.proj文件中调用的,但是在ClickOnce期间由构建再次调用.通过VS屏幕导入证书后,我现在看到以下内容:
and still I get the error when I build. The signtool is called from a .proj file called in the TFS build, but then again by the build during ClickOnce. After importing the cert through the VS screen I now see this:
并得到此错误:
C:\Program Files (x86)\MSBuild\12.0\bin\Microsoft.Common.CurrentVersion.targets (2718): Unable to find code signing certificate in the current user’s Windows certificate store. To correct this, either disable signing of the ClickOnce manifest or install the certificate into the certificate store.
C:\Program Files (x86)\MSBuild\12.0\bin\Microsoft.Common.CurrentVersion.targets (2718): Cannot import the following key file: . The key file may be password protected. To correct this, try to import the certificate again or import the certificate manually into the current user’s personal certificate store.
C:\Program Files (x86)\MSBuild\12.0\bin\Microsoft.Common.CurrentVersion.targets (2718): Importing key file "les.pfx" was canceled.
该证书与.csproj处于同一文件夹中,并且已导入到商店中.
The cert is in the same folder as the .csproj as well as being imported into the store.
Here's the cert info and the Thumbprint matches what's in the .csproj file:
有什么主意我可能会在这里错过吗?
Any ideas what I could be missing here?
推荐答案
根据错误消息,您必须将证书导入到代理计算机的个人存储中.当您从个人商店中引用证书时,它不会要求输入密码,因此您可以访问代码签名证书.
According to the error message, you have to import the certificate into agent machine's personal store. When you reference the certificate from the personal store, it will not ask for the password, and thus you can access your code signing certificate.
如果使用ClickOnce构建了多个项目,则必须将证书导入到每个项目中.
If multiple projects being built with ClickOnce, then you have to import the certificate into each of the projects.
请尝试使用Visual Studio命令提示符将证书导入到构建代理计算机中:
Please try to use the Visual Studio Command Prompt to import the certificate in your build agent machine:
- 单击开始→所有程序→ Microsoft Visual Studio → Visual Studio 工具→ Visual Studio命令提示符.
-
键入以下命令示例:
- Click Start → All Programs → Microsoft Visual Studio → Visual Studio Tools → Visual Studio Command Prompt.
Type the following command sample:
sn -i "c:\Pathtofile\.pfx" VS_KEY_C1D3ACB8FBF1AGK4
注意: 具有-i参数的sn.exe将密钥对从安装到名为的密钥容器中.
Note: The sn.exe with the -i parameter, installs a key pair from into a key container named.
- 将pfx文件重新导入到Visual Studio中.
您还可以尝试创建PowerShell脚本,并在构建定义中运行pre-build scripts来导入证书.
You can also try to create a PowerShell script and run pre-build scripts in your build definition to import the certificate.
PowerShell脚本示例供您参考:
The PowerShell script sample for your reference:
$pfxpath = 'pathtoees.pfx'
$password = 'password'
Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()
参考这些线程:
- Visual studio team services deploymen/buildt certificate error
- Cannot import the keyfile 'blah.pfx' - error 'The keyfile may be password protected'
- Build and Publish a ClickOnce App using Team Build/VSO. (The last section about using a certificate from store)
这篇关于签名时发生错误:无法签名file.exe. SignTool错误:未找到符合所有给定条件的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
