Closed roel4ez closed 4 years ago
After migrating the build to a new build server, which is Windows 2019, it works as expected.
This is not so much a fix, but a workaround.
@roel4ez: I've just struggled with a similar problem: I could use signtool to sign on my dev machine (running Windows 10, build 1909) - but issuing the exact same command on my build server (Azure DevOps self-hosted Agent, Windows Server 2016 Standard) gave "Error: The specified PFX password is not correct". With a little assist from one of our Ops-guys, we imported the cert to the cert store on my dev machine, exported it with a new password - and then used that newly exported cert + updated password on the build server. This worked for us. Hope this can save some time for others!
Having same issue on self-hosted agent (Windows 10, version of signtool is 10.0.18362.1). When setting the password as cleartext to the Pipeline task, it works. But when using a secure variable and mapping as env variable (as documented here: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch#secret-variables), it does not work, it fails with error "SignTool Error: The specified PFX password is not correct.".
I have found my error. In a Command Line Task the variable needs to be surrounded with %MY_VAR%, not $env:MY_VAR as documented here: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/command-line?view=azure-devops&tabs=yaml#arguments. Wasn't that clear for me. So if someone else is struggling, maybe that helps :-)
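The two variable syntaxes from the comments above, side by side in an Azure Pipelines YAML fragment. This is an added example, not part of the original thread: the secret name `PfxPassword`, the environment variable `PFX_PASSWORD`, and the files `codesign.pfx` and `MyApp.exe` are placeholders, and signtool is assumed to be on the agent's PATH.

```yaml
# Constructed example: PfxPassword, PFX_PASSWORD, codesign.pfx and MyApp.exe are placeholders.
steps:
# Command Line task: on a Windows agent the script runs under cmd.exe,
# so the mapped variable is read with %NAME%.
- script: signtool sign /f codesign.pfx /p "%PFX_PASSWORD%" /fd SHA256 MyApp.exe
  displayName: Sign (Command Line)
  env:
    # Secret variables are not exposed to scripts as environment
    # variables unless they are mapped explicitly like this.
    PFX_PASSWORD: $(PfxPassword)

# PowerShell task: the same mapped variable is read with $env:NAME.
- powershell: |
    & signtool sign /f codesign.pfx /p $env:PFX_PASSWORD /fd SHA256 MyApp.exe
  displayName: Sign (PowerShell)
  env:
    PFX_PASSWORD: $(PfxPassword)

# Mismatch to look for when signtool reports a wrong PFX password:
# cmd.exe does not expand PowerShell syntax, so in a Command Line task
#   /p $env:PFX_PASSWORD
# hands signtool the literal text "$env:PFX_PASSWORD" as the password.
```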
I'm having an issue with the signing, in that it always fails with the following error.
It correctly retries 5 times, but the error is always the same. This happens on a build agent version 2.117.2 running on Windows Server 2016.
1) I am sure the password is correct. The password is fetched from a secure variable.
2) When running the command on my local machine (Windows 10) it works as expected.

Version of signtool in authenticode-sign is `10.0.14393.795`. My local version is `10.0.17763.1`. I have tried to overwrite the location of the signtool with the latest version in the C:\Program Files (x86)\Windows Kits\10\bin***\folder, but the same error happens.
I've been struggling with this for a while. Any ideas?