We have had the same issue but with our TFS build system and in our case the issue is that the certificate is installed in the machine cert store. Unless the user is an administrator it cannot read from that store normally so we solved it by giving the build server user (which ever user runs the service) read access to the certificate that we want to use to sign our binaries.
regards Petrik On Thursday, 10 March 2016 10:27:51 UTC+13, Steve Sanders wrote: > > Does that mean you have to use a slave? New to Jenkins and am struggling > to use our EV codesigning. Thanks. > > On Thursday, August 27, 2015 at 8:55:57 AM UTC-7, Ed of the Mountain wrote: >> >> Solved. >> >> Disable jenkins service and replace with slave-agent.jnlp. >> >> Yay! I finally have automatic EV code signing! >> >> -Ed >> >> >> On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain >> wrote: >>> >>> When I try to code sign in my Jenkins job I receive a SignTool error: >>> >>> >>> c:\jenkins\workspace\codesign-windows> >>> >>> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe >>> >>> SignTool Error: No certificates were found that met all the given criteria. >>> >>> >>> I am using a DigiCert Extend Validation ( EV ) USB token that requires the >>> USB token be connected to the build machine. This works fine when logged >>> on as normal user. >>> >>> >>> - I am running Jenkins as a Windows service. >>> - Service Log On is set to Local System account. >>> - Service is *allowed to interact with desktop.* >>> >>> >>> >>> When I logon as a normal user to the build machine, it works fine. >>> >>> >>> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe >>> >>> 2 - This triggers a pop-up "Token Logon" dialog that requires user >>> interaction >>> >>> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and >>> enters password. >>> >>> 4 - Code is signed automatically >>> >>> >>> C:\jenkins\workspace\codesign-windows>signtool sign /t >>> http://timestamp.digicert >>> .com /n "The Charles Machine Works, Inc." token-logon.exe >>> Done Adding Additional Store >>> Successfully signed: token-logon.exe >>> >>> >>> Any suggestions to try are much appreciated, >>> >>> >>> -Ed >>> >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/7c274f59-b099-4399-9833-1a8a3db38fc7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
