Reputation: 1523
While using SignTool on our build server (Windows Server 2019), the Azure DevOps pipeline has the error below; it's a DotNetCoreCLI@2 task:
##[error]EXEC(0,0): Error information: "Error: SignerSign() failed." (-2146893779/0x8009002d)
EXEC : error information: "Error: SignerSign() failed." (-2146893779/0x8009002d)
##[error]EXEC(0,0): Error : An unexpected internal error has occurred.
EXEC : SignTool error : An unexpected internal error has occurred.
Error MSB3073: The command "if Release == Release ("C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\Signtool.exe" sign /sha1 abcd1234 /v /fd sha256 /td sha256 /tr http://timestamp.digicert.com "abcd.dll")" exited with code 1.
I have tried to update signtool to the latest version and it's still the exact same error as in the pipeline. Running it manually on the server gives the same error. The arguments for the task are:
arguments: '-c $(buildConfiguration) -p:PX_CERT_SNK_PATH=/cert/cert.snk /p:VersionNumber=$(applicationVersion) /p:Platform=x86 /p:CodeSigningCertificateFingerprint=$(codeSigningCertificateFingerprint)'
Upvotes: 1
Views: 4068
Reputation: 41
I had the same issue using signtool.exe. And after breaking my head for some time, I found that the problem was that in the KeyLocker of the site one.digicert.com under Certificates I did not have a 'Signer' under 'Manage signer'. After adding a signer, I was able to start signing with the signtool.exe and with their tool smctl.exe. Really hope this will help others, as the error message is very cryptic.
Upvotes: 1
Reputation: 510
I had the issue too when trying to sign a cert from DigiCert Keylocker using their smctl software.
The issue was that I had to set up my environment variables first, most notably, the SM_HOST and SM_CLIENT_CERT_FILE variables.
Their documentation says to do this, but their example uses the set command in the command line, which sets it only for that one session, meaning that if the command line is closed, it will forget the variables you set.
Upvotes: 3
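A preflight check for the situation described in the answer above, as an added example that is not part of any post here and is not DigiCert's code. `Test-SigningEnvironment` is a hypothetical helper name; it checks only the two variables the answer names and reports which scope each is set in, so a value that exists only in the current session is flagged before signtool or smctl runs.

```powershell
# Added example: Test-SigningEnvironment is a hypothetical helper,
# not part of signtool.exe or smctl.exe.
function Test-SigningEnvironment {
    param(
        # Only the two variables named in the answer; extend for your own setup.
        [string[]]$Names = @('SM_HOST', 'SM_CLIENT_CERT_FILE')
    )
    foreach ($name in $Names) {
        $process = [Environment]::GetEnvironmentVariable($name, 'Process')
        $user    = [Environment]::GetEnvironmentVariable($name, 'User')
        $machine = [Environment]::GetEnvironmentVariable($name, 'Machine')

        # "set" in cmd.exe fills only the Process scope of that one window;
        # User/Machine scope survives a closed console and reaches services.
        $status = if ($user -or $machine) { 'Persisted' } elseif ($process) { 'SessionOnly' } else { 'Missing' }

        # Value this process would actually use (Process scope wins).
        $effective = if ($process) { $process } elseif ($user) { $user } else { $machine }

        # For the client certificate, also confirm the file is really there.
        $fileExists = $null
        if ($name -eq 'SM_CLIENT_CERT_FILE' -and $effective) {
            $fileExists = Test-Path -LiteralPath $effective -PathType Leaf
        }

        # Report scope and status only; values stay out of the build log.
        [pscustomobject]@{
            Name       = $name
            Status     = $status
            FileExists = $fileExists
        }
    }
}

$results = @(Test-SigningEnvironment)
$results | Format-Table -AutoSize | Out-String | Write-Host

foreach ($r in $results | Where-Object { $_.Status -eq 'SessionOnly' }) {
    Write-Warning "$($r.Name) is set only for this session and will be lost when it closes."
}

# Stop before signing if a variable is absent or the certificate file is missing.
$bad = @($results | Where-Object { $_.Status -eq 'Missing' -or $_.FileExists -eq $false })
if ($bad.Count -gt 0) {
    Write-Error "Signing environment incomplete: $($bad.Name -join ', ')"
    exit 1
}
```

Run it as the same account the build agent uses, since User-scope variables set for an interactive login are not visible to a service running under a different account.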
Reputation: 1523
Thank you. The issue is fixed. For the latest certificates from DigiCert ONE, they have this need where the signing cannot happen at the individual project file level; it has to be in the pipeline which is building the code. So after moving the signing code bit out of our .csproj file, it worked.
Upvotes: 0