Import your .pfx-file to Windows Certificate Manager for the user account which is used when building. Then select the correct certificate using signtool
's /sha1
switch, and no password is needed.
- Log in as the build user
- Run
certmgr.msc
- Right-click Certificates - Current User / Personal / Certificates, and select All Tasks / Import...
- Select your .pfx file, enter the password, and click Next and Finish
- Double-click on the imported certificate
- In the Details page, the thumbprint algorithm should be sha1
- Copy the thumbprint, it looks something like
12 34 56 78 90 ab cd ef 12 34 56 78 90 ab cd ef 12 34 56 78
signtool /sha1 1234567890abcdef1234567890abcdef12345678 /t http://timestamp.verisign.com/scripts/timestamp.dll %(SignFiles.Identity)
And step 8 will not ask for a password.