Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

Fri, 22 Apr 2016 13:38:36 -0700

My understanding was that a certain category of Safenet dongles could be configured to be "rdp enabled" though I'm not certain this is something digicert, or the dongles they issue, are capable of. My hope was that Ed's solution would magically circumvent this limitation. I'm also in the process of talking to verisign/symantec to see if their hardware solution handles jenkins/CI any better. 

On 4/22/2016 4:33 PM, Vikram Parthasarathy wrote:
I've had the same experience. The dongle cannot be used from an RDP session. And RDPing into the machine will require the password to be re-entered. I spoke to the vendor (Safenet) and they said RDP is not supported and it was intentionally done for security purposes. 


On Fri, Apr 22, 2016 at 3:20 PM, Tim Mills 
<tmi...@citystateentertainment.com 
<mailto:tmi...@citystateentertainment.com>> wrote:


    I'm investigating this solution and I'm curious if you know if
    RDPing into the box will cause bad things to happen?  My
    experience has been that the dongle doesn't work for RDP users and
    each time I RDP into the box I have to re-enter the password by
    logging into a local session.  I'm worried that this would cause
    code signing to fail if a build happens to sign while someone is
    RDPd in.

    On Thursday, August 27, 2015 at 11:55:57 AM UTC-4, Ed of the
    Mountain wrote:

        Solved.

        Disable jenkins service and replace with slave-agent.jnlp.

        Yay! I finally have automatic EV code signing!

        -Ed


        On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the
        Mountain wrote:

            When I try to code sign in my Jenkins job I receive a
            SignTool error:

            c:\jenkins\workspace\codesign-windows>

            signtool sign /thttp://timestamp.digicert.com 
<http://timestamp.digicert.com/>  /n "Acme Inc." code.exe

            SignTool Error: No certificates were found that met all the given 
criteria.

            I am using a DigiCert Extend Validation ( EV ) USB token
            that requires the USB token be connected to the build
            machine.  This works fine when logged on as normal user.

              * I am running Jenkins as a Windows service.
              * Service Log On is set to Local System account.
              * Service is *_allowed to interact with desktop._*

            When I logon as a normal user to the build machine, it works fine.

            1 - signtool sign /thttp://timestamp.digicert.com 
<http://timestamp.digicert.com/>  /n "Acme Inc." code.exe

            2 - This triggers a pop-up "Token Logon" dialog that requires user 
interaction

            3 - I have a separate "Token Logon" watcher that finds the WIndows 
ID and enters password.

            4 - Code is signed automatically

            C:\jenkins\workspace\codesign-windows>signtool sign /t
            http://timestamp.digicert .com /n "The Charles Machine
            Works, Inc." token-logon.exe Done Adding Additional Store
            Successfully signed: token-logon.exe

            Any suggestions to try are much appreciated,

            -Ed


    -- 
    You received this message because you are subscribed to a topic in

    the Google Groups "Jenkins Users" group.
    To unsubscribe from this topic, visit
    https://groups.google.com/d/topic/jenkinsci-users/RQyUWZilrRE/unsubscribe.
    To unsubscribe from this group and all its topics, send an email
    to jenkinsci-users+unsubscr...@googlegroups.com
    <mailto:jenkinsci-users+unsubscr...@googlegroups.com>.
    To view this discussion on the web visit
    
https://groups.google.com/d/msgid/jenkinsci-users/91f3155f-6b7c-4b39-b8c0-db31a0f7d008%40googlegroups.com
    
<https://groups.google.com/d/msgid/jenkinsci-users/91f3155f-6b7c-4b39-b8c0-db31a0f7d008%40googlegroups.com?utm_medium=email&utm_source=footer>.
    For more options, visit https://groups.google.com/d/optout.


--

You received this message because you are subscribed to a topic in the 
Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit 
https://groups.google.com/d/topic/jenkinsci-users/RQyUWZilrRE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
jenkinsci-users+unsubscr...@googlegroups.com 
<mailto:jenkinsci-users+unsubscr...@googlegroups.com>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CADE%2BD%2BVq8CepSpWLmYpqM05q6aOFFc-cZFfj0NwZUcYT%2B%2BRteg%40mail.gmail.com 
<https://groups.google.com/d/msgid/jenkinsci-users/CADE%2BD%2BVq8CepSpWLmYpqM05q6aOFFc-cZFfj0NwZUcYT%2B%2BRteg%40mail.gmail.com?utm_medium=email&utm_source=footer>.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Jenkins 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/571A8B92.7040702%40citystateentertainment.com.
For more options, visit https://groups.google.com/d/optout.






















					Reply via email to