Facing issue with code signing with CI/CD


I got stuck somewhere. We actually recently got a code signing certificate from DigiCert. They have given us a “crt” format certificate; previously we were using a pfx format certificate. Now the thing is, we were able to do the manual signing with the new certificate using SignTool.exe; when signing with SignTool, it will ask for a password.

This is the PowerShell code I've used; with the commented lines we were able to sign before.

$signtool = "C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64\signtool.exe"
if (!(Test-Path "$signtool")) {
    $signtool = "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe"
}
Write-Host "Signtool path: $signtool"

#$pfxpassword = "************"
$pfxpassword = "************"

#Remove Zipping code from line 31-34 once above line is enabled
$packageName = $kpi.Value
Get-ChildItem -Path "C:\Smcty_Latest_Packages" -Filter "$packageName*.zip" -Recurse | ForEach-Object {
    $zipFilePath = "C:\Smcty_Latest_Packages\$packageName*.zip"
    Expand-Archive -Path $zipFilePath -DestinationPath $destinationFolder -Force
    #TODO: digitally sign all the smcty DLLs of the service project
    $dllFiles = Get-ChildItem -Path $destinationFolder -Filter "*smcty*.dll" -Recurse
    foreach ($dll in $dllFiles) {
        #& $signtool sign /tr http://timestamp.digicert.com /td sha256 /f "..\Certificate\HTS.pfx" /p $pfxpassword $dll.FullName
        & $signtool sign /tr http://timestamp.digicert.com /td sha256 /f "C:\Certs2\************_international_s__rl.crt" /p $pfxpassword $dll.FullName
    }

}

if (Test-path("$destinationFolder\appsettings.development.json")) {
    Write-Host "Removing appsettings.json files from $destinationFolder"
    Get-ChildItem -Path $destinationFolder -Recurse -Filter "appsettings*.json" -Exclude "appsettings.development.json" | Remove-Item

    Write-Host "Replacing correct appsettings.json file in $destinationFolder"
    Rename-Item -Path "$destinationFolder\appsettings.development.json" "appsettings.json"
}

But when we try to implement that in the pipeline, the signature is not happening. We are getting this error (SignTool Error: No certificates were found that met all the given criteria.). Can anyone help me here with the exact syntax? Thanks in advance. (We got one zip file with 3 certs and a USB token from DigiCert.) We tried this syntax too.

Note: The DigiCert support team is telling us not to convert from crt to pfx.

Expecting the PowerShell code or syntax which I can implement in the pipeline.

There are 0 answers
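
An added example, not part of the original question: a .crt file holds only the public certificate, so SignTool's /f and /p (a PFX password) have no private key to sign with. The key stays on the USB token and must be visible to the account that runs the pipeline agent. This preflight check reports what that account can see and, if a usable key is found, signs by thumbprint instead. The function name, parameter names and default .crt path are hypothetical placeholders.

```powershell
param(
    [string]$CrtPath = 'C:\Certs2\codesign.crt',   # placeholder path (assumption)
    [string]$SignTool = 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64\signtool.exe',
    [string]$FileToSign                             # optional: sign this file if the check passes
)

function Get-SigningCertStatus {
    param([Parameter(Mandatory)][string]$CrtPath)

    # Load the public certificate only to learn its thumbprint and expiry.
    $public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CrtPath

    foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
        # Look for the same certificate in the stores this account can read.
        $match = Get-ChildItem -Path $store |
            Where-Object { $_.Thumbprint -eq $public.Thumbprint } |
            Select-Object -First 1

        [pscustomobject]@{
            Account       = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
            Store         = $store
            Thumbprint    = $public.Thumbprint
            InStore       = [bool]$match
            HasPrivateKey = [bool]($match -and $match.HasPrivateKey)
            NotAfter      = $public.NotAfter
        }
    }
}

$status = Get-SigningCertStatus -CrtPath $CrtPath
$status | Format-Table -AutoSize

$usable = $status | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $usable) {
    throw "Account '$($status[0].Account)' sees no store entry with a private key for $($status[0].Thumbprint)."
}

if ($FileToSign) {
    $signArgs = @('sign')
    if ($usable.Store -like '*LocalMachine*') { $signArgs += '/sm' }   # use the machine store
    $signArgs += '/sha1', $usable.Thumbprint, '/fd', 'sha256',
                 '/tr', 'http://timestamp.digicert.com', '/td', 'sha256', $FileToSign
    & $SignTool @signArgs
    if ($LASTEXITCODE -ne 0) { throw "signtool exited with code $LASTEXITCODE" }
}
```

Run it from a pipeline step, not from an interactive login, so the output reflects the agent's account and session. HasPrivateKey only shows that the store entry is linked to a key; a token that is unplugged, or that prompts for a PIN in a non-interactive session, will still make the signing step fail.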