I am using SignTool and a digital certificate to sign DLLs.

Signing the DLLs is one step of my build process. I use msbuild to build my applications, so it is one of the Targets and uses an Exec Command to sign the DLLs as follows:

<Exec Command = "signtool sign /a /v /sha1 $(SHA1) $(binPath)\app.exe" />
where $(SHA1) is the hash of the certificate
and $(binPath) is the path of the binaries.

Now this doesn't sign the DLLs and gives me an error stating:

SignTool Error: No certificates were found that met all the given criteria.

I tried debug options according to this post

And I got the following output:

21:00:06,920 INFO  - The following certificates were considered:
21:00:06,923 INFO  - Issued to: <Issued to company name>
21:00:06,923 INFO  -
21:00:06,923 INFO  - Issued by: <Issued by company name>
21:00:06,923 INFO  -
21:00:06,924 INFO  - Expires: Mon Nov 28 05:29:59 2016
21:00:06,924 INFO  -
21:00:06,924 INFO  - SHA1 hash: D5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxDA
21:00:06,924 INFO  -
21:00:06,924 INFO  -
21:00:06,924 INFO  - Issued to: <Issued to company name>
21:00:06,924 INFO  -
21:00:06,924 INFO  - Issued by: <Issued by company name>
21:00:06,924 INFO  -
21:00:06,924 INFO  - Expires: Sun Dec 10 05:29:59 2023
21:00:06,924 INFO  -
21:00:06,924 INFO  - SHA1 hash: D0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBC
21:00:06,924 INFO  -
21:00:06,924 INFO  -
21:00:06,925 INFO  - Issued to: <Issued to company name>
21:00:06,925 INFO  -
21:00:06,925 INFO  - Issued by: <Issued by company name>
21:00:06,925 INFO  -
21:00:06,925 INFO  - Expires: Thu Jul 17 05:29:59 2036
21:00:06,925 INFO  -
21:00:06,925 INFO  - SHA1 hash: 91xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx81
21:00:06,925 INFO  -
21:00:06,925 INFO  -
21:00:06,925 INFO  - After EKU filter, 3 certs were left.
21:00:06,925 INFO  - After expiry filter, 2 certs were left.
21:00:06,925 INFO  - After Hash filter, 0 certs were left.
21:00:06,925 INFO  - After Private Key filter, 0 certs were left.
21:00:06,925 INFO  - SignTool Error: No certificates were found that met all the given criteria.

After getting this output I have no clue as to how I should proceed.

However, there is one more observation:

SignTool successfully signs the DLLs when it is run through the command prompt.

Now the above thing is making me go crazy.

Request assistance.

dhiraj suvarna
  • Which SHA1 hash value are you passing in? You do realize that your first certificate in that list expired yesterday right. – selbie Nov 30 '16 at 06:36
  • @selbie: I am using the SHA1 hash value of the new certificate that we acquired and yes, I do realize that it did expire, which is valid. – dhiraj suvarna Nov 30 '16 at 09:49

1 Answer

I found the problem: the QuickBuild server is started using a different account than the one which I was using to log on to it.

So the digital certificate was installed with the account which I was using to log on to my build computer.

Now, since QuickBuild was using a different account to build, it was not able to find the digital certificate.

I then logged on to the build computer using the account that QuickBuild was using and installed the digital certificate, and everything started working.

dhiraj suvarna
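
The account mismatch described in the answer can be confirmed from inside the build job itself, before SignTool runs. The PowerShell script below is an added example, not part of the original post; it assumes the thumbprint given to signtool /sha1 is passed in as a parameter, and it looks in the "My" stores SignTool searches (current user by default, local machine with /sm).

```powershell
# Added example: run as a build step so it executes under the build server's
# account, not under an interactive logon.
param(
    # Assumption: the same value that is passed to "signtool sign /sha1".
    [Parameter(Mandatory)]
    [string]$Thumbprint
)

# Drop spaces and invisible characters that get copied along with a thumbprint.
$wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing EKU

"Running as: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"

# Certificate stores are per account: CurrentUser\My differs for each user.
$found = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $wanted } |
        ForEach-Object {
            $eku = $_.EnhancedKeyUsageList
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                NotAfter      = $_.NotAfter
                Expired       = $_.NotAfter -lt (Get-Date)
                HasPrivateKey = $_.HasPrivateKey
                # No EKU extension means the certificate is valid for all usages.
                CodeSigning   = (-not $eku) -or ($eku.ObjectId -contains $codeSigningOid)
            }
        }
}

if (-not $found) {
    # Matches "After Hash filter, 0 certs were left" in the SignTool debug output.
    Write-Error "Thumbprint $wanted is not in CurrentUser\My or LocalMachine\My for this account."
    exit 1
}

$found | Format-List

if (-not ($found | Where-Object { $_.HasPrivateKey -and -not $_.Expired -and $_.CodeSigning })) {
    Write-Error 'Certificate is present, but no copy is unexpired, code-signing capable and has a private key.'
    exit 1
}
```

If the script succeeds from an interactive prompt but fails inside the build job, the certificate is installed only in the interactive user's store, which is the situation the answer describes.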