Add strongly named keys (pfx) to all users on a server

603 views
Skip to first unread message

Neelanshu Sharma

unread,
Jan 29, 2015, 5:11:41 AM1/29/15
to jenkins...@googlegroups.com

Apologies for this massive post. 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I am trying to configure a jenkins windows slave msbuild tasks on, but I am having issues with click once projects and its strongly named keys.

Depending on which account installs the PFX key, it depends on what the results and errors are.

BACKGROUND:

Projects (ProjectX and ProjectY)

  • .net 4
  • ClickOnce app
  • uses a pfx key "ABC.pfx" to sign the assembly

Jenkins Windows Slave:

  • the Jenkins windows service runs under the user account "jen...@work.com"
  • As jenkins creates a workspace for each project and branch, we copied the "ABC.pfx" file to c:\

ATTEMPTED RESOLUTION 1:

I remote desktop onto server with my user account:

  • copy ABC.pfx onto the server at C:\

  • Run command prompt as Administrator

    cd c:\ "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\sn.exe" -d VS_KEY_123456789 "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\sn.exe" -i ABC.pfx VS_KEY_123456789

  • Open normal command prompt and run (ClickOnce projects have build, then publish msbuild commands):

    "C:/Windows/Microsoft.NET/Framework/v4.0.30319/MSBuild.exe" "c:/jenkins/workspace/project-x/ProjectX/ProjectX.sln" "/verbosity:normal" /p:configuration="release" /p:outdir="c:/jenkins/workspace/project-x/output/ProjectX/" "/target:Clean;Build" /maxcpucount

    "C:/Windows/Microsoft.NET/Framework/v4.0.30319/MSBuild.exe" "c:/jenkins/workspace/project-x/ProjectX/ProjectX.sln" "/verbosity:normal" /p:configuration="release" /p:outdir="c:/jenkins/workspace/project-x/output/ProjectX/" "/target:Publish" /maxcpucount

  • Both of the msbuid command run fine for me

  • When run under the Jenkins account we get the error:

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets(2482,5): error MSB3326: Cannot import the following key file: ABC.pfx. The key file may be password protected. To correct this, try to import the certificate again or import the certificate manually into the current user's personal certificate store. [c:\jenkins\workspace\project-x\ProjectX\ProjectX.csproj]

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets(2482,5): error MSB3321: Importing key file "ABC.pfx" was canceled. [c:\jenkins\workspace\project-x\ProjectX\ProjectX.csproj]

ATTEMPTED RESOLUTION 2:

I remote desktop onto server with the Jenkins user account

  • copy ABC.pfx onto the server at C:\

  • Run command prompt as Administrator

    cd c:\ "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\sn.exe" -d VS_KEY_123456789 "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\sn.exe" -i ABC.pfx VS_KEY_123456789

  • Open normal command prompt and run:

    "C:/Windows/Microsoft.NET/Framework/v4.0.30319/MSBuild.exe" "c:/jenkins/workspace/project-x/ProjectX/ProjectX.sln" "/verbosity:normal" /p:configuration="release" /p:outdir="c:/jenkins/workspace/project-x/output/ProjectX/" "/target:Clean;Build" /maxcpucount

  • Jenkins user account gets the error:

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets(2482,5): error MSB3326: Cannot import the following key file: ABC.pfx. The key file may be password protected. To correct this, try to import the certificate again or import the certificate manually into the current user's personal certificate store. [c:\jenkins\workspace\project-x\ProjectX\ProjectX.csproj] C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets(2482,5): error MSB3321: Importing key file "ABC.pfx" was canceled. [c:\jenkins\workspace\project-x\ProjectX\ProjectX.csproj]

  • I also get a build error

Does anyone have any idea how to get the Jenkins user account to acknowledge the PFX key?

Thanks for your help 

Ginga, Dick

unread,
Jan 29, 2015, 8:49:14 AM1/29/15
to jenkins...@googlegroups.com

It clearly has to do with running as the Jenkins user because I have run into this exact problem. But mine got fixed with your Resolution 2. But I just run certmgr and manually import the PFX file. I don’t exactly know what SN does for you.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/233cae59-95dc-4729-945b-fd4b993c4a40%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

jayavardhanreddy jayareddy

unread,
Jun 22, 2020, 7:50:08 AM6/22/20
to Jenkins Users
Any one got solution for below issue.
Reply all
Reply to author
Forward
0 new messages