Hi Ed, at present I have the same problem like you with Jenkins and signing certificates. I use Certificate Token usb stick from GlobalSign. I get the same error message and the behavior is the same like you above described. (signing works fine when I send the command via Admin console, Jenkins service runs as Admin...).
I am follows your advice and I have disabled the jenkins service and replaced it with slave-agent.jnlp Unfortunately I get the same error message after restart node and build project: No certificates were found that met all the given criteria. This ist the starting message: [01/23/17 10:37:50] Launching agent $ "C:\Program Files (x86)\Jenkins\jre\bin"\java.exe -jar "C:\Program Files (x86)"\Jenkins\slave.jar <===[JENKINS REMOTING CAPACITY]===>channel started Slave.jar version: 3.3 This is a Windows agent Agent successfully connected and online... Do you have any suggestions to solve my problem? Have start the slave node with jenkins? Needs the windows agent special rights? HaPe Am Donnerstag, 27. August 2015 17:55:57 UTC+2 schrieb Ed of the Mountain: > > Solved. > > Disable jenkins service and replace with slave-agent.jnlp. > > Yay! I finally have automatic EV code signing! > > -Ed > > > On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain wrote: >> >> When I try to code sign in my Jenkins job I receive a SignTool error: >> >> >> c:\jenkins\workspace\codesign-windows> >> >> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe >> >> SignTool Error: No certificates were found that met all the given criteria. >> >> >> I am using a DigiCert Extend Validation ( EV ) USB token that requires the >> USB token be connected to the build machine. This works fine when logged on >> as normal user. >> >> >> - I am running Jenkins as a Windows service. >> - Service Log On is set to Local System account. >> - Service is *allowed to interact with desktop.* >> >> >> >> When I logon as a normal user to the build machine, it works fine. >> >> >> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe >> >> 2 - This triggers a pop-up "Token Logon" dialog that requires user >> interaction >> >> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and >> enters password. >> >> 4 - Code is signed automatically >> >> >> C:\jenkins\workspace\codesign-windows>signtool sign /t >> http://timestamp.digicert >> .com /n "The Charles Machine Works, Inc." token-logon.exe >> Done Adding Additional Store >> Successfully signed: token-logon.exe >> >> >> Any suggestions to try are much appreciated, >> >> >> -Ed >> >> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/4a24a63e-0ea4-4f41-a308-72c364876f60%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
