I'm getting "SignTool Error: Access is Denied" when I attempt to sign a file. When I use an administrator cmd, all works fine. However, this process is going to be used in a TFS 2010 build process and using the InvokeProcess task with signtool gives the same access denied message as a non-administrator command prompt.
More info:
- On a Win2008 R2 enterprise machine.
- User is machine admin and on the domain.
- The TFS Build service is also set to run as this user.
- Using a self signed certificate created using these instructions: How do I create a self-signed certificate for code signing on Windows?
After following these instructions I have the following files:
- MyCA.cer
- MyCA.pvk
- MySPC.cer
- MySPC.pvk
- MySPC.pfx
MyCA is in my Trusted Root Certification Authorities I imported MySPC.pfx into personal certificates, following the advice here: SignTool error: Access is denied
To do the signing I'm using the thumbprint of the MySPC.pfx that was imported into the Personal section so my signtool command looks like:
sign /sha1 1e9d7b5ad98552d9c58944e3f3903e6b929f4819 /t http://timestamp.verisign.com/scripts/timestamp.dll "FileName"
Once again this works in Admin mode. This also works when running cmd as administrator:
sign /f "C:\Code Signing Non-Release\MySPC.pfx" /t http://timestamp.verisign.com/scripts/timestamp.dll "FileName"
New to code signing in general, so any help is welcome.
