I'm investigating this solution and I'm curious if you know if RDPing into the box will cause bad things to happen? My experience has been that the dongle doesn't work for RDP users and each time I RDP into the box I have to re-enter the password by logging into a local session. I'm worried that this would cause code signing to fail if a build happens to sign while someone is RDPd in.
On Thursday, August 27, 2015 at 11:55:57 AM UTC-4, Ed of the Mountain wrote: > > Solved. > > Disable jenkins service and replace with slave-agent.jnlp. > > Yay! I finally have automatic EV code signing! > > -Ed > > > On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain wrote: >> >> When I try to code sign in my Jenkins job I receive a SignTool error: >> >> >> c:\jenkins\workspace\codesign-windows> >> >> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe >> >> SignTool Error: No certificates were found that met all the given criteria. >> >> >> I am using a DigiCert Extend Validation ( EV ) USB token that requires the >> USB token be connected to the build machine. This works fine when logged on >> as normal user. >> >> >> - I am running Jenkins as a Windows service. >> - Service Log On is set to Local System account. >> - Service is *allowed to interact with desktop.* >> >> >> >> When I logon as a normal user to the build machine, it works fine. >> >> >> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe >> >> 2 - This triggers a pop-up "Token Logon" dialog that requires user >> interaction >> >> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and >> enters password. >> >> 4 - Code is signed automatically >> >> >> C:\jenkins\workspace\codesign-windows>signtool sign /t >> http://timestamp.digicert >> .com /n "The Charles Machine Works, Inc." token-logon.exe >> Done Adding Additional Store >> Successfully signed: token-logon.exe >> >> >> Any suggestions to try are much appreciated, >> >> >> -Ed >> >> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/91f3155f-6b7c-4b39-b8c0-db31a0f7d008%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
