Jenkins 由于私钥筛选器的原因，signtool.exe有时无法使用证书

在构建服务器上，我们使用signtool.exe对工件进行签名

每次都会将相同的参数传递给signtool.exe，但由于“私钥过滤器”未使用我们的证书，因此它会失败或偶尔传递

我们已经使用该流程一段时间了，但从2019年3月27日上午开始出现故障

我们使用以下参数启动signtool.exe进程：

sign/fd sha256/f“cert.p12”/p certPass/du hostSiteHere/v/debug/tr timeStampUrl“fileNames”

规格 -signtool.exe来自windows 10 sdk -构建服务器作为windows 2016 server ec2实例托管在AWS中 -jenkins（v2.1.68）使用AmazonEC2插件（v1.42）运行构建

日志，取决于是否通过或失败：

• 通过

• 失败

需要注意的奇怪行为：

• 同一个ec2实例可以成功工作，但稍后会失败
• 如果用户将RDPs插入ec2实例，则发生故障的ec2实例可能会开始工作
• 每次都会传递相同的证书、signtool.exe和参数

The following certificates were considered:
    Issued to: myCompany, Inc.
    Issued by: DigiCert SHA2 Assured ID Code Signing CA
    Expires:   Wed Oct 30 12:00:00 2019
    SHA1 hash: myCertSha1Hash
After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Private Key filter, 1 certs were left.
The following certificate was selected:
    Issued to: myCompany, Inc.
    Issued by: DigiCert SHA2 Assured ID Code Signing CA
    Expires:   Wed Oct 30 12:00:00 2019
    SHA1 hash: myCertSha1Hash
The following additional certificates will be attached:
    Issued to: DigiCert SHA2 Assured ID Code Signing CA
    Issued by: DigiCert Assured ID Root CA
    Expires:   Sun Oct 22 12:00:00 2028
    SHA1 hash: digiCertSigningSha1Hash
Done Adding Additional Store

The following certificates were considered:
    Issued to: myCompany, Inc.
    Issued by: DigiCert SHA2 Assured ID Code Signing CA
    Expires:   Wed Oct 30 12:00:00 2019
    SHA1 hash: myCertSha1Hash
After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Private Key filter, 0 certs were left.
No certificates were found that met all the given criteria.