Jenkins fails in signtool.exe

Question

I am using signtool.exe to sing my msi output through a proj file in Jenkins. My command to sign the msi is, "C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin\signtool.exe" sign /f "C:\Build\SignCertificate.cer" /csp "Microsoft Enhanced Cryptographic Provider v1.0" /k privatekeycontainer /t "http://timestamp.verisign.com/scripts/timstamp.dll" "..\Release\output.msi" . The pfx file is added in certificate store.

Whenever i execute it through command prompt it get pass and the msi get signed. But if i try through Jenkins then it fails. Please help me what is wrong.

Answer 1

My problem was solved. The pfx is not imported with the private key properly. Now the leaf tells that it has a private key. So the problem is with the pfx file.

Answer 2

Import sertificate to Machine Store instead of User store. Steps described here http://www.dartmouth.edu/~deploypki/materials/web_authn/pages/IISonXP_AddingTrustedCACertToComputer.htm

Answer 3

Try these steps:

1. Create a user 'Jenkins' as and Administrators group member
2. Run the Jenkins service as the user 'Jenkins'
3. log in as Jenkins user and install the certificate in the user store.
4. Run it through Jenkins

Also, take a look at this link which is very similar to your question: SignTool Error: ISignedCode::Sign returned error: 0x80092006