Jenkins 由于私钥筛选器的原因,signtool.exe有时无法使用证书
在构建服务器上,我们使用signtool.exe对工件进行签名 每次都会将相同的参数传递给signtool.exe,但由于“私钥过滤器”未使用我们的证书,因此它会失败或偶尔传递 我们已经使用该流程一段时间了,但从2019年3月27日上午开始出现故障 我们使用以下参数启动signtool.exe进程:Jenkins 由于私钥筛选器的原因,signtool.exe有时无法使用证书,jenkins,amazon-ec2,certificate,signtool,Jenkins,Amazon Ec2,Certificate,Signtool,在构建服务器上,我们使用signtool.exe对工件进行签名 每次都会将相同的参数传递给signtool.exe,但由于“私钥过滤器”未使用我们的证书,因此它会失败或偶尔传递 我们已经使用该流程一段时间了,但从2019年3月27日上午开始出现故障 我们使用以下参数启动signtool.exe进程: sign/fd sha256/f“cert.p12”/p certPass/du hostSiteHere/v/debug/tr timeStampUrl“fileNames” 规格 -signto
sign/fd sha256/f“cert.p12”/p certPass/du hostSiteHere/v/debug/tr timeStampUrl“fileNames”
规格
-signtool.exe来自windows 10 sdk
-构建服务器作为windows 2016 server ec2实例托管在AWS中
-jenkins(v2.1.68)使用AmazonEC2插件(v1.42)运行构建
日志,取决于是否通过或失败:
- 通过
- 失败
- 同一个ec2实例可以成功工作,但稍后会失败
- 如果用户将RDPs插入ec2实例,则发生故障的ec2实例可能会开始工作
- 每次都会传递相同的证书、signtool.exe和参数
The following certificates were considered:
Issued to: myCompany, Inc.
Issued by: DigiCert SHA2 Assured ID Code Signing CA
Expires: Wed Oct 30 12:00:00 2019
SHA1 hash: myCertSha1Hash
After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Private Key filter, 1 certs were left.
The following certificate was selected:
Issued to: myCompany, Inc.
Issued by: DigiCert SHA2 Assured ID Code Signing CA
Expires: Wed Oct 30 12:00:00 2019
SHA1 hash: myCertSha1Hash
The following additional certificates will be attached:
Issued to: DigiCert SHA2 Assured ID Code Signing CA
Issued by: DigiCert Assured ID Root CA
Expires: Sun Oct 22 12:00:00 2028
SHA1 hash: digiCertSigningSha1Hash
Done Adding Additional Store
The following certificates were considered:
Issued to: myCompany, Inc.
Issued by: DigiCert SHA2 Assured ID Code Signing CA
Expires: Wed Oct 30 12:00:00 2019
SHA1 hash: myCertSha1Hash
After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Private Key filter, 0 certs were left.
No certificates were found that met all the given criteria.