Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-09-06 Thread Simon Richter 
Hi,

> > Because the code signing tool requires interaction with the desktop, it 
> > requires that you must be logged in (or at least that is my theory).  There 
> > are techniques to configure processes to run without being logged in, but 
> > they all tend to leave the process with no access to the desktop or limited 
> > access to the desktop.

Sorry I'm late to the party. We use signtool just fine without a Desktop
login.

The important bit is that the Jenkins service needs to run as the user that
installed the certificate to the certificate store. Code signing
certificates are personal certificates, so they are attached to the user
account.

I've created a separate user for Jenkins, logged in as that user, installed
the certificate to the user's certificate store and then configured to run
the Jenkins service as that user.

The service does not need Desktop access (in fact that is suboptimal, as
some errors during build are then reported through inaccessible dialogs,
causing the build to hang.

   Simon

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20190906093411.GE5841%40psi5.com.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-09-05 Thread Chia-Yu Wu 
OK , I understand now.
Mark , thanks for your help.

Mark Waite於 2019年9月5日星期四 UTC+8下午6時01分40秒寫道:
>
> Because the code signing tool requires interaction with the desktop, it 
> requires that you must be logged in (or at least that is my theory).  There 
> are techniques to configure processes to run without being logged in, but 
> they all tend to leave the process with no access to the desktop or limited 
> access to the desktop.
>
> You'll need to leave the agent connected to the master from a running 
> desktop session.
>
> On Thu, Sep 5, 2019 at 12:53 AM *佳諭* > 
> wrote:
>
>> Hi Mark,
>> Thanks for your reply.
>> I have follow your suggestion, and add a slave node on the same computer.
>> Because I can't find the "Jave web start" option in the Launch method, I 
>> create a slave node with "Launch agent by connecting it to the master "
>> I download the agent.jar then execute the following command in the 
>> console with administrator privilege.
>> "java -jar agent.jar -jnlpUrl 
>> http:///slave-agent.jnlp -screct 
>> xxx -workDir c:\x"
>> Finally, my slave node online.
>> But if I log out this computer (because this computer is a VM), my slave 
>> node offline (disconnect).
>>
>> I hope my code can submit from svn or git then automatically build 
>> through MSBuild which project have post-build event with the ev sign script.
>> But if I use master node to build , I'll get the error about "No 
>> certificates were found that met all the given criteria". 
>> It seems master node not have enough privilege to interact with desktop 
>> sign application.
>> If I build a new slave node with "Launch agent by connecting it to the 
>> master ", MSBuild and post-build sign event cant successfully build and 
>> sign code,
>> but it need to keep the node login.
>> If I login the vm, the slave node will disconnect.
>>
>> Is there any way to keep the slave node online? (and also can have enough 
>> privilege for ev usb token sign)   
>> Thanks for your help.
>>  
>>
>>
>> Mark Waite > 於 2019年9月5日 週四 上午6:14寫道:
>>
>>>
>>>
>>> On Wed, Sep 4, 2019 at 4:06 PM Chia-Yu Wu >> > wrote:
>>>
 Hi Mark, 
 I have the same issue with ev sign (usb token) code through jenkins.
 It work fine if i do ev sign in admin role command line.
 But if let it auto build and sign through, the jenkins console will 
 show the following error message:

 "No certificates were found that met all the given criteria"

 I have read your suggestion, using the agent to "Launch agent via Java 
 Web Start" instead of runnig jenkins as windows service.
 But I don't have a slave node, my jenkins only have a default master 
 node, I can't config the master node "Launch agent via Java Web Start"

 Could you help me about this issue?
 I'll very appreciate your help.


>>> If you're running the master as a service, then you'll need to add an 
>>> agent which is running on the desktop.  The agent can be on the same 
>>> computer where you run the Jenkins master, but the new agent will need to 
>>> be launched from the desktop.
>>>
>>> If you're running the master from a command line, then it should work.
>>>
>>> Thanks,
>>> Mark Waite
>>>  
>>>

 Mark Waite於 2019年5月9日星期四 UTC+8下午10時59分13秒寫道:
>
>
>
> On Thu, May 9, 2019 at 6:13 AM A M  wrote:
>
>> Thanks a lot Mark for your quick response!   As I understand it the 
>> goal is to create a slave/agent that will run the code signing directly 
>> on 
>> windows, instead of a service. great idea!
>>
>> However, I am stuck at step 4, I dond't see the "Launch agent via 
>> Java Web Start" option. I found a general solution online 
>> ,
>>  
>> by specifying a concrete or random port in the Global Security TCP 
>> settings. I tried both, and even restarted Jenkins a couple of times, 
>> and 
>> it doesn't show up. 
>>
>>
> I think you are on the right path.  That solution is the correct 
> solution.
>
> Here are the screen shots that I used to confirm it is working with 
> Jenkins 2.164.2:
>
> *Jenkins -> Configure Global Security -> Agents -> Port 5*
>
> [image: Annotation 2019-05-09 084830.jpg]
>
> *Jenkins -> Build Executor Status -> New Node*
>
> [image: Annotation 2019-05-09 084942.jpg]
>
> *Node name -> Permanent Agent -> OK*
>
> [image: Annotation 2019-05-09 085016.jpg]
>
> Name -> Description -> Remote root directory -> Launch Method "Launch 
> agent via Java Web Start"
>
> [image: Annotation 2019-05-09 085149.jpg]
>
> Mark Waite
>  
>
>> I only see 1) Launch agent by connecting it to the master, 2) ... via 
>> execution of command on the master, 3) ... Let Jenkins control this 
>

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-09-05 Thread Mark Waite 
Because the code signing tool requires interaction with the desktop, it
requires that you must be logged in (or at least that is my theory).  There
are techniques to configure processes to run without being logged in, but
they all tend to leave the process with no access to the desktop or limited
access to the desktop.

You'll need to leave the agent connected to the master from a running
desktop session.

On Thu, Sep 5, 2019 at 12:53 AM *佳諭*  wrote:

> Hi Mark,
> Thanks for your reply.
> I have follow your suggestion, and add a slave node on the same computer.
> Because I can't find the "Jave web start" option in the Launch method, I
> create a slave node with "Launch agent by connecting it to the master "
> I download the agent.jar then execute the following command in the console
> with administrator privilege.
> "java -jar agent.jar -jnlpUrl
> http:///slave-agent.jnlp -screct
> xxx -workDir c:\x"
> Finally, my slave node online.
> But if I log out this computer (because this computer is a VM), my slave
> node offline (disconnect).
>
> I hope my code can submit from svn or git then automatically build through
> MSBuild which project have post-build event with the ev sign script.
> But if I use master node to build , I'll get the error about "No
> certificates were found that met all the given criteria".
> It seems master node not have enough privilege to interact with desktop
> sign application.
> If I build a new slave node with "Launch agent by connecting it to the
> master ", MSBuild and post-build sign event cant successfully build and
> sign code,
> but it need to keep the node login.
> If I login the vm, the slave node will disconnect.
>
> Is there any way to keep the slave node online? (and also can have enough
> privilege for ev usb token sign)
> Thanks for your help.
>
>
>
> Mark Waite  於 2019年9月5日 週四 上午6:14寫道:
>
>>
>>
>> On Wed, Sep 4, 2019 at 4:06 PM Chia-Yu Wu  wrote:
>>
>>> Hi Mark,
>>> I have the same issue with ev sign (usb token) code through jenkins.
>>> It work fine if i do ev sign in admin role command line.
>>> But if let it auto build and sign through, the jenkins console will show
>>> the following error message:
>>>
>>> "No certificates were found that met all the given criteria"
>>>
>>> I have read your suggestion, using the agent to "Launch agent via Java
>>> Web Start" instead of runnig jenkins as windows service.
>>> But I don't have a slave node, my jenkins only have a default master
>>> node, I can't config the master node "Launch agent via Java Web Start"
>>>
>>> Could you help me about this issue?
>>> I'll very appreciate your help.
>>>
>>>
>> If you're running the master as a service, then you'll need to add an
>> agent which is running on the desktop.  The agent can be on the same
>> computer where you run the Jenkins master, but the new agent will need to
>> be launched from the desktop.
>>
>> If you're running the master from a command line, then it should work.
>>
>> Thanks,
>> Mark Waite
>>
>>
>>>
>>> Mark Waite於 2019年5月9日星期四 UTC+8下午10時59分13秒寫道:



 On Thu, May 9, 2019 at 6:13 AM A M  wrote:

> Thanks a lot Mark for your quick response!   As I understand it the
> goal is to create a slave/agent that will run the code signing directly on
> windows, instead of a service. great idea!
>
> However, I am stuck at step 4, I dond't see the "Launch agent via Java
> Web Start" option. I found a general solution online
> ,
> by specifying a concrete or random port in the Global Security TCP
> settings. I tried both, and even restarted Jenkins a couple of times, and
> it doesn't show up.
>
>
 I think you are on the right path.  That solution is the correct
 solution.

 Here are the screen shots that I used to confirm it is working with
 Jenkins 2.164.2:

 *Jenkins -> Configure Global Security -> Agents -> Port 5*

 [image: Annotation 2019-05-09 084830.jpg]

 *Jenkins -> Build Executor Status -> New Node*

 [image: Annotation 2019-05-09 084942.jpg]

 *Node name -> Permanent Agent -> OK*

 [image: Annotation 2019-05-09 085016.jpg]

 Name -> Description -> Remote root directory -> Launch Method "Launch
 agent via Java Web Start"

 [image: Annotation 2019-05-09 085149.jpg]

 Mark Waite


> I only see 1) Launch agent by connecting it to the master, 2) ... via
> execution of command on the master, 3) ... Let Jenkins control this 
> Windows
> slave as a Windows service.
>
>
 That likely indicates that you installed the 'windows-slaves' or
 'windows-agents' plugin.  You don't need that plugin and generally don't
 want it.  The technique it uses to start the agent is based on DCOM, is
 exceptionally brittle, a

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-09-04 Thread *佳諭* 
Hi Mark,
Thanks for your reply.
I have follow your suggestion, and add a slave node on the same computer.
Because I can't find the "Jave web start" option in the Launch method, I
create a slave node with "Launch agent by connecting it to the master "
I download the agent.jar then execute the following command in the console
with administrator privilege.
"java -jar agent.jar -jnlpUrl
http:///slave-agent.jnlp -screct
xxx -workDir c:\x"
Finally, my slave node online.
But if I log out this computer (because this computer is a VM), my slave
node offline (disconnect).

I hope my code can submit from svn or git then automatically build through
MSBuild which project have post-build event with the ev sign script.
But if I use master node to build , I'll get the error about "No
certificates were found that met all the given criteria".
It seems master node not have enough privilege to interact with desktop
sign application.
If I build a new slave node with "Launch agent by connecting it to the
master ", MSBuild and post-build sign event cant successfully build and
sign code,
but it need to keep the node login.
If I login the vm, the slave node will disconnect.

Is there any way to keep the slave node online? (and also can have enough
privilege for ev usb token sign)
Thanks for your help.



Mark Waite  於 2019年9月5日 週四 上午6:14寫道:

>
>
> On Wed, Sep 4, 2019 at 4:06 PM Chia-Yu Wu  wrote:
>
>> Hi Mark,
>> I have the same issue with ev sign (usb token) code through jenkins.
>> It work fine if i do ev sign in admin role command line.
>> But if let it auto build and sign through, the jenkins console will show
>> the following error message:
>>
>> "No certificates were found that met all the given criteria"
>>
>> I have read your suggestion, using the agent to "Launch agent via Java
>> Web Start" instead of runnig jenkins as windows service.
>> But I don't have a slave node, my jenkins only have a default master
>> node, I can't config the master node "Launch agent via Java Web Start"
>>
>> Could you help me about this issue?
>> I'll very appreciate your help.
>>
>>
> If you're running the master as a service, then you'll need to add an
> agent which is running on the desktop.  The agent can be on the same
> computer where you run the Jenkins master, but the new agent will need to
> be launched from the desktop.
>
> If you're running the master from a command line, then it should work.
>
> Thanks,
> Mark Waite
>
>
>>
>> Mark Waite於 2019年5月9日星期四 UTC+8下午10時59分13秒寫道:
>>>
>>>
>>>
>>> On Thu, May 9, 2019 at 6:13 AM A M  wrote:
>>>
 Thanks a lot Mark for your quick response!   As I understand it the
 goal is to create a slave/agent that will run the code signing directly on
 windows, instead of a service. great idea!

 However, I am stuck at step 4, I dond't see the "Launch agent via Java
 Web Start" option. I found a general solution online
 ,
 by specifying a concrete or random port in the Global Security TCP
 settings. I tried both, and even restarted Jenkins a couple of times, and
 it doesn't show up.


>>> I think you are on the right path.  That solution is the correct
>>> solution.
>>>
>>> Here are the screen shots that I used to confirm it is working with
>>> Jenkins 2.164.2:
>>>
>>> *Jenkins -> Configure Global Security -> Agents -> Port 5*
>>>
>>> [image: Annotation 2019-05-09 084830.jpg]
>>>
>>> *Jenkins -> Build Executor Status -> New Node*
>>>
>>> [image: Annotation 2019-05-09 084942.jpg]
>>>
>>> *Node name -> Permanent Agent -> OK*
>>>
>>> [image: Annotation 2019-05-09 085016.jpg]
>>>
>>> Name -> Description -> Remote root directory -> Launch Method "Launch
>>> agent via Java Web Start"
>>>
>>> [image: Annotation 2019-05-09 085149.jpg]
>>>
>>> Mark Waite
>>>
>>>
 I only see 1) Launch agent by connecting it to the master, 2) ... via
 execution of command on the master, 3) ... Let Jenkins control this Windows
 slave as a Windows service.


>>> That likely indicates that you installed the 'windows-slaves' or
>>> 'windows-agents' plugin.  You don't need that plugin and generally don't
>>> want it.  The technique it uses to start the agent is based on DCOM, is
>>> exceptionally brittle, and is very hard to use.  You can (and probably
>>> should) remove the windows-slaves or windows-agents plugin.  Agents run on
>>> Windows quite well without needing that plugin.
>>>
>>>
 Also checked if there are any updates of Jenkins, only some unrelated
 plugin-updates are available. Anything else I could check?

 Thank you!

 Am Mittwoch, 8. Mai 2019 16:05:00 UTC+2 schrieb Mark Waite:
>
>
>
> On Wednesday, May 8, 2019 at 7:18:31 AM UTC-6, A M wrote:
>>
>> hi Mark
>>
>> I am struggling with a very similar issue. What exactly do you mean
>> by

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-09-04 Thread Chia-Yu Wu 
Hi Mark, 
I have the same issue with ev sign (usb token) code through jenkins.
It work fine if i do ev sign in admin role command line.
But if let it auto build and sign through, the jenkins console will show 
the following error message:

"No certificates were found that met all the given criteria"

I have read your suggestion, using the agent to "Launch agent via Java Web 
Start" instead of runnig jenkins as windows service.
But I don't have a slave node, my jenkins only have a default master node, 
I can't config the master node "Launch agent via Java Web Start"

Could you help me about this issue?
I'll very appreciate your help.


Mark Waite於 2019年5月9日星期四 UTC+8下午10時59分13秒寫道:
>
>
>
> On Thu, May 9, 2019 at 6:13 AM A M > 
> wrote:
>
>> Thanks a lot Mark for your quick response!   As I understand it the goal 
>> is to create a slave/agent that will run the code signing directly on 
>> windows, instead of a service. great idea!
>>
>> However, I am stuck at step 4, I dond't see the "Launch agent via Java 
>> Web Start" option. I found a general solution online 
>> ,
>>  
>> by specifying a concrete or random port in the Global Security TCP 
>> settings. I tried both, and even restarted Jenkins a couple of times, and 
>> it doesn't show up. 
>>
>>
> I think you are on the right path.  That solution is the correct solution.
>
> Here are the screen shots that I used to confirm it is working with 
> Jenkins 2.164.2:
>
> *Jenkins -> Configure Global Security -> Agents -> Port 5*
>
> [image: Annotation 2019-05-09 084830.jpg]
>
> *Jenkins -> Build Executor Status -> New Node*
>
> [image: Annotation 2019-05-09 084942.jpg]
>
> *Node name -> Permanent Agent -> OK*
>
> [image: Annotation 2019-05-09 085016.jpg]
>
> Name -> Description -> Remote root directory -> Launch Method "Launch 
> agent via Java Web Start"
>
> [image: Annotation 2019-05-09 085149.jpg]
>
> Mark Waite
>  
>
>> I only see 1) Launch agent by connecting it to the master, 2) ... via 
>> execution of command on the master, 3) ... Let Jenkins control this Windows 
>> slave as a Windows service.
>>
>>
> That likely indicates that you installed the 'windows-slaves' or 
> 'windows-agents' plugin.  You don't need that plugin and generally don't 
> want it.  The technique it uses to start the agent is based on DCOM, is 
> exceptionally brittle, and is very hard to use.  You can (and probably 
> should) remove the windows-slaves or windows-agents plugin.  Agents run on 
> Windows quite well without needing that plugin.
>  
>
>> Also checked if there are any updates of Jenkins, only some unrelated 
>> plugin-updates are available. Anything else I could check?
>>
>> Thank you!
>>
>> Am Mittwoch, 8. Mai 2019 16:05:00 UTC+2 schrieb Mark Waite:
>>>
>>>
>>>
>>> On Wednesday, May 8, 2019 at 7:18:31 AM UTC-6, A M wrote:

 hi Mark

 I am struggling with a very similar issue. What exactly do you mean by 
 your comment and how do I achieve this?


>>> I said:
>>>
>>> > Run the Windows agent from the Windows desktop rather than running it 
>>> from a service which has been allowed to interact with the desktop.
>>>
>>> The most direct way to implement what I described is to:
>>>
>>>1. Login to the Windows desktop machine where code signing will be 
>>>run
>>>2. Open a web browser to the Jenkins server
>>>3. Create an agent (a node) to represent that Windows computer
>>>4. Configure the agent to "Launch agent via Java Web Start"
>>>5. Define the required agent fields (like a remote root directory - 
>>>I prefer 'C:\J\' to reduce problems with Windows and long paths) and 
>>> save 
>>>the configuration of that agent
>>>6. Download the 'agent.jar' file from the hyperlink on the web page, 
>>>save it somewhere convenient (like C:\J\agent.jar)
>>>7. Open a command prompt window on the Windows desktop machine and 
>>>change to the convenient directory C:\J
>>>8. Copy the 'Run from agent command line" from the web page into the 
>>>command prompt window
>>>
>>> Thanks for asking!
>>> Mark Waite
>>>  
>>>
 I want to run the signtool.exe together with the certificate on a USB 
 token as an AfterPublish job in Jenkins. Jenkins is running as admin. 
 Single sign-on is activated for the USB token. Running signtool.exe in the 
 admin console works, running the same command through Jenkins results 
 in the "No certificates were found that met all the given criteria." 
 error.

 Any help is much appreciated. Thank you!
>
> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkins...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-us

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-09-04 Thread Mark Waite 
On Wed, Sep 4, 2019 at 4:06 PM Chia-Yu Wu  wrote:

> Hi Mark,
> I have the same issue with ev sign (usb token) code through jenkins.
> It work fine if i do ev sign in admin role command line.
> But if let it auto build and sign through, the jenkins console will show
> the following error message:
>
> "No certificates were found that met all the given criteria"
>
> I have read your suggestion, using the agent to "Launch agent via Java Web
> Start" instead of runnig jenkins as windows service.
> But I don't have a slave node, my jenkins only have a default master node,
> I can't config the master node "Launch agent via Java Web Start"
>
> Could you help me about this issue?
> I'll very appreciate your help.
>
>
If you're running the master as a service, then you'll need to add an agent
which is running on the desktop.  The agent can be on the same computer
where you run the Jenkins master, but the new agent will need to be
launched from the desktop.

If you're running the master from a command line, then it should work.

Thanks,
Mark Waite


>
> Mark Waite於 2019年5月9日星期四 UTC+8下午10時59分13秒寫道:
>>
>>
>>
>> On Thu, May 9, 2019 at 6:13 AM A M  wrote:
>>
>>> Thanks a lot Mark for your quick response!   As I understand it the goal
>>> is to create a slave/agent that will run the code signing directly on
>>> windows, instead of a service. great idea!
>>>
>>> However, I am stuck at step 4, I dond't see the "Launch agent via Java
>>> Web Start" option. I found a general solution online
>>> ,
>>> by specifying a concrete or random port in the Global Security TCP
>>> settings. I tried both, and even restarted Jenkins a couple of times, and
>>> it doesn't show up.
>>>
>>>
>> I think you are on the right path.  That solution is the correct solution.
>>
>> Here are the screen shots that I used to confirm it is working with
>> Jenkins 2.164.2:
>>
>> *Jenkins -> Configure Global Security -> Agents -> Port 5*
>>
>> [image: Annotation 2019-05-09 084830.jpg]
>>
>> *Jenkins -> Build Executor Status -> New Node*
>>
>> [image: Annotation 2019-05-09 084942.jpg]
>>
>> *Node name -> Permanent Agent -> OK*
>>
>> [image: Annotation 2019-05-09 085016.jpg]
>>
>> Name -> Description -> Remote root directory -> Launch Method "Launch
>> agent via Java Web Start"
>>
>> [image: Annotation 2019-05-09 085149.jpg]
>>
>> Mark Waite
>>
>>
>>> I only see 1) Launch agent by connecting it to the master, 2) ... via
>>> execution of command on the master, 3) ... Let Jenkins control this Windows
>>> slave as a Windows service.
>>>
>>>
>> That likely indicates that you installed the 'windows-slaves' or
>> 'windows-agents' plugin.  You don't need that plugin and generally don't
>> want it.  The technique it uses to start the agent is based on DCOM, is
>> exceptionally brittle, and is very hard to use.  You can (and probably
>> should) remove the windows-slaves or windows-agents plugin.  Agents run on
>> Windows quite well without needing that plugin.
>>
>>
>>> Also checked if there are any updates of Jenkins, only some unrelated
>>> plugin-updates are available. Anything else I could check?
>>>
>>> Thank you!
>>>
>>> Am Mittwoch, 8. Mai 2019 16:05:00 UTC+2 schrieb Mark Waite:



 On Wednesday, May 8, 2019 at 7:18:31 AM UTC-6, A M wrote:
>
> hi Mark
>
> I am struggling with a very similar issue. What exactly do you mean by
> your comment and how do I achieve this?
>
>
 I said:

 > Run the Windows agent from the Windows desktop rather than running it
 from a service which has been allowed to interact with the desktop.

 The most direct way to implement what I described is to:

1. Login to the Windows desktop machine where code signing will be
run
2. Open a web browser to the Jenkins server
3. Create an agent (a node) to represent that Windows computer
4. Configure the agent to "Launch agent via Java Web Start"
5. Define the required agent fields (like a remote root directory -
I prefer 'C:\J\' to reduce problems with Windows and long paths) and 
 save
the configuration of that agent
6. Download the 'agent.jar' file from the hyperlink on the web
page, save it somewhere convenient (like C:\J\agent.jar)
7. Open a command prompt window on the Windows desktop machine and
change to the convenient directory C:\J
8. Copy the 'Run from agent command line" from the web page into
the command prompt window

 Thanks for asking!
 Mark Waite


> I want to run the signtool.exe together with the certificate on a USB
> token as an AfterPublish job in Jenkins. Jenkins is running as admin.
> Single sign-on is activated for the USB token. Running signtool.exe in the
> admin console works, running the same command through Jenkins resu

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-05-13 Thread A M 
Thanks, Mark! That's exactly how/where I specified the Global Security TCP 
Settings. Also, I've just updated Jenkins to the latest update 2.177. 
Still, the "Launch agent via Java Web Start" option is not showing up.

Per your suggestion, I've tried to remove the "WMI Windows Agents" plugin. 
However, it has multiple dependencies, such as "jQuery plugin", "build 
timeout plugin", etc. (see Screenshot) that I'd need to uninstall as well. 
Since I have not initially setup our Jenkins, I am not sure what other 
issues I'll create when I start to uninstall multiple plugins...

[image: jenkins-uninstall.PNG]
 

So it seems that as long as the "WMI Windows Agents" plugin is installed, I 
cannot use "Java Web Start"? Why can I not use both?

I've also checked again, "javaws" is indeed installed and can be run.

Is there a way to create a slave/agent with "WMI Windows Agent" that does 
the same?

Thanks for your help!

Am Donnerstag, 9. Mai 2019 16:59:13 UTC+2 schrieb Mark Waite:
>
>
>
> On Thu, May 9, 2019 at 6:13 AM A M > 
> wrote:
>
>> Thanks a lot Mark for your quick response!   As I understand it the goal 
>> is to create a slave/agent that will run the code signing directly on 
>> windows, instead of a service. great idea!
>>
>> However, I am stuck at step 4, I dond't see the "Launch agent via Java 
>> Web Start" option. I found a general solution online 
>> ,
>>  
>> by specifying a concrete or random port in the Global Security TCP 
>> settings. I tried both, and even restarted Jenkins a couple of times, and 
>> it doesn't show up. 
>>
>>
> I think you are on the right path.  That solution is the correct solution.
>
> Here are the screen shots that I used to confirm it is working with 
> Jenkins 2.164.2:
>
> *Jenkins -> Configure Global Security -> Agents -> Port 5*
>
> [image: Annotation 2019-05-09 084830.jpg]
>
> *Jenkins -> Build Executor Status -> New Node*
>
> [image: Annotation 2019-05-09 084942.jpg]
>
> *Node name -> Permanent Agent -> OK*
>
> [image: Annotation 2019-05-09 085016.jpg]
>
> Name -> Description -> Remote root directory -> Launch Method "Launch 
> agent via Java Web Start"
>
> [image: Annotation 2019-05-09 085149.jpg]
>
> Mark Waite
>  
>
>> I only see 1) Launch agent by connecting it to the master, 2) ... via 
>> execution of command on the master, 3) ... Let Jenkins control this Windows 
>> slave as a Windows service.
>>
>>
> That likely indicates that you installed the 'windows-slaves' or 
> 'windows-agents' plugin.  You don't need that plugin and generally don't 
> want it.  The technique it uses to start the agent is based on DCOM, is 
> exceptionally brittle, and is very hard to use.  You can (and probably 
> should) remove the windows-slaves or windows-agents plugin.  Agents run on 
> Windows quite well without needing that plugin.
>  
>
>> Also checked if there are any updates of Jenkins, only some unrelated 
>> plugin-updates are available. Anything else I could check?
>>
>> Thank you!
>>
>> Am Mittwoch, 8. Mai 2019 16:05:00 UTC+2 schrieb Mark Waite:
>>>
>>>
>>>
>>> On Wednesday, May 8, 2019 at 7:18:31 AM UTC-6, A M wrote:

 hi Mark

 I am struggling with a very similar issue. What exactly do you mean by 
 your comment and how do I achieve this?


>>> I said:
>>>
>>> > Run the Windows agent from the Windows desktop rather than running it 
>>> from a service which has been allowed to interact with the desktop.
>>>
>>> The most direct way to implement what I described is to:
>>>
>>>1. Login to the Windows desktop machine where code signing will be 
>>>run
>>>2. Open a web browser to the Jenkins server
>>>3. Create an agent (a node) to represent that Windows computer
>>>4. Configure the agent to "Launch agent via Java Web Start"
>>>5. Define the required agent fields (like a remote root directory - 
>>>I prefer 'C:\J\' to reduce problems with Windows and long paths) and 
>>> save 
>>>the configuration of that agent
>>>6. Download the 'agent.jar' file from the hyperlink on the web page, 
>>>save it somewhere convenient (like C:\J\agent.jar)
>>>7. Open a command prompt window on the Windows desktop machine and 
>>>change to the convenient directory C:\J
>>>8. Copy the 'Run from agent command line" from the web page into the 
>>>command prompt window
>>>
>>> Thanks for asking!
>>> Mark Waite
>>>  
>>>
 I want to run the signtool.exe together with the certificate on a USB 
 token as an AfterPublish job in Jenkins. Jenkins is running as admin. 
 Single sign-on is activated for the USB token. Running signtool.exe in the 
 admin console works, running the same command through Jenkins results 
 in the "No certificates were found that met all the given criteria." 
 error.

 Any help is much appreciated. Thank you!
>
> -- 
>> You received th

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-05-09 Thread A M 
Thanks a lot Mark for your quick response!   As I understand it the goal is 
to create a slave/agent that will run the code signing directly on windows, 
instead of a service. great idea!

However, I am stuck at step 4, I dond't see the "Launch agent via Java Web 
Start" option. I found a general solution online 
,
 
by specifying a concrete or random port in the Global Security TCP 
settings. I tried both, and even restarted Jenkins a couple of times, and 
it doesn't show up. 

I only see 1) Launch agent by connecting it to the master, 2) ... via 
execution of command on the master, 3) ... Let Jenkins control this Windows 
slave as a Windows service.

Also checked if there are any updates of Jenkins, only some unrelated 
plugin-updates are available. Anything else I could check?

Thank you!

Am Mittwoch, 8. Mai 2019 16:05:00 UTC+2 schrieb Mark Waite:
>
>
>
> On Wednesday, May 8, 2019 at 7:18:31 AM UTC-6, A M wrote:
>>
>> hi Mark
>>
>> I am struggling with a very similar issue. What exactly do you mean by 
>> your comment and how do I achieve this?
>>
>>
> I said:
>
> > Run the Windows agent from the Windows desktop rather than running it 
> from a service which has been allowed to interact with the desktop.
>
> The most direct way to implement what I described is to:
>
>1. Login to the Windows desktop machine where code signing will be run
>2. Open a web browser to the Jenkins server
>3. Create an agent (a node) to represent that Windows computer
>4. Configure the agent to "Launch agent via Java Web Start"
>5. Define the required agent fields (like a remote root directory - I 
>prefer 'C:\J\' to reduce problems with Windows and long paths) and save 
> the 
>configuration of that agent
>6. Download the 'agent.jar' file from the hyperlink on the web page, 
>save it somewhere convenient (like C:\J\agent.jar)
>7. Open a command prompt window on the Windows desktop machine and 
>change to the convenient directory C:\J
>8. Copy the 'Run from agent command line" from the web page into the 
>command prompt window
>
> Thanks for asking!
> Mark Waite
>  
>
>> I want to run the signtool.exe together with the certificate on a USB 
>> token as an AfterPublish job in Jenkins. Jenkins is running as admin. 
>> Single sign-on is activated for the USB token. Running signtool.exe in the 
>> admin console works, running the same command through Jenkins results in 
>> the "No certificates were found that met all the given criteria." error.
>>
>> Any help is much appreciated. Thank you!
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/b92c3356-23da-4368-b6b7-a5fd2906e110%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-05-08 Thread Mark Waite 


On Wednesday, May 8, 2019 at 7:18:31 AM UTC-6, A M wrote:
>
> hi Mark
>
> I am struggling with a very similar issue. What exactly do you mean by 
> your comment and how do I achieve this?
>
>
I said:

> Run the Windows agent from the Windows desktop rather than running it 
from a service which has been allowed to interact with the desktop.

The most direct way to implement what I described is to:

   1. Login to the Windows desktop machine where code signing will be run
   2. Open a web browser to the Jenkins server
   3. Create an agent (a node) to represent that Windows computer
   4. Configure the agent to "Launch agent via Java Web Start"
   5. Define the required agent fields (like a remote root directory - I 
   prefer 'C:\J\' to reduce problems with Windows and long paths) and save the 
   configuration of that agent
   6. Download the 'agent.jar' file from the hyperlink on the web page, 
   save it somewhere convenient (like C:\J\agent.jar)
   7. Open a command prompt window on the Windows desktop machine and 
   change to the convenient directory C:\J
   8. Copy the 'Run from agent command line" from the web page into the 
   command prompt window

Thanks for asking!
Mark Waite
 

> I want to run the signtool.exe together with the certificate on a USB 
> token as an AfterPublish job in Jenkins. Jenkins is running as admin. 
> Single sign-on is activated for the USB token. Running signtool.exe in the 
> admin console works, running the same command through Jenkins results in 
> the "No certificates were found that met all the given criteria." error.
>
> Any help is much appreciated. Thank you!
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/41f90117-e810-4b47-864e-839fc444fb86%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-05-08 Thread A M 
hi Mark

I am struggling with a very similar issue. What exactly do you mean by your 
comment and how do I achieve this?

I want to run the signtool.exe together with the certificate on a USB token 
as an AfterPublish job in Jenkins. Jenkins is running as admin. Single 
sign-on is activated for the USB token. Running signtool.exe in the admin 
console 
works, running the same command through Jenkins results in the "No 
certificates were found that met all the given criteria." error.

Any help is much appreciated. Thank you!
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/003a60e6-00ea-4081-866f-e366582b75f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-04-25 Thread Mark Waite 
On Thu, Apr 25, 2019 at 7:10 AM Hello Universe  wrote:

> How to use installed certificates from win8 using signtool?
>
>
Run the Windows agent from the Windows desktop rather than running it from
a service which has been allowed to interact with the desktop.  There seem
to be cases where programs run from services allowed to interact with the
desktop don't have the exact same capabilities as programs run from the
desktop.

Mark Waite


> On Thursday, August 27, 2015 at 10:51:29 PM UTC+8, Ed of the Mountain
> wrote:
>>
>> When I try to code sign in my Jenkins job I receive a SignTool error:
>>
>>
>> c:\jenkins\workspace\codesign-windows>
>>
>> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>
>> SignTool Error: No certificates were found that met all the given criteria.
>>
>>
>> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
>> USB token be connected to the build machine.  This works fine when logged on 
>> as normal user.
>>
>>
>>- I am running Jenkins as a Windows service.
>>- Service Log On is set to Local System account.
>>- Service is *allowed to interact with desktop.*
>>
>>
>>
>> When I logon as a normal user to the build machine, it works fine.
>>
>>
>> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>
>> 2 - This triggers a pop-up "Token Logon" dialog that requires user 
>> interaction
>>
>> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
>> enters password.
>>
>> 4 - Code is signed automatically
>>
>>
>> C:\jenkins\workspace\codesign-windows>signtool sign /t 
>> http://timestamp.digicert
>> .com /n "The Charles Machine Works, Inc." token-logon.exe
>> Done Adding Additional Store
>> Successfully signed: token-logon.exe
>>
>>
>> Any suggestions to try are much appreciated,
>>
>>
>> -Ed
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/5c8ab94c-96ef-433d-9753-44336a67f2d5%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>


-- 
Thanks!
Mark Waite

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGEuESLQpVtO-XP9QwAies3w%3D0BV%2BNwt1MoWBLS%3DsyirA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-04-25 Thread Slide 
Are the certificates in the certificate store for just the "normal user" or
are they installed in the machine store? The Jenkins service, by default,
it running as LocalSystemUser. That account would need access to the
certificate store.

On Thu, Apr 25, 2019, 06:10 Hello Universe  wrote:

> How to use installed certificates from win8 using signtool?
>
> On Thursday, August 27, 2015 at 10:51:29 PM UTC+8, Ed of the Mountain
> wrote:
>>
>> When I try to code sign in my Jenkins job I receive a SignTool error:
>>
>>
>> c:\jenkins\workspace\codesign-windows>
>>
>> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>
>> SignTool Error: No certificates were found that met all the given criteria.
>>
>>
>> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
>> USB token be connected to the build machine.  This works fine when logged on 
>> as normal user.
>>
>>
>>- I am running Jenkins as a Windows service.
>>- Service Log On is set to Local System account.
>>- Service is *allowed to interact with desktop.*
>>
>>
>>
>> When I logon as a normal user to the build machine, it works fine.
>>
>>
>> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>
>> 2 - This triggers a pop-up "Token Logon" dialog that requires user 
>> interaction
>>
>> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
>> enters password.
>>
>> 4 - Code is signed automatically
>>
>>
>> C:\jenkins\workspace\codesign-windows>signtool sign /t 
>> http://timestamp.digicert
>> .com /n "The Charles Machine Works, Inc." token-logon.exe
>> Done Adding Additional Store
>> Successfully signed: token-logon.exe
>>
>>
>> Any suggestions to try are much appreciated,
>>
>>
>> -Ed
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/5c8ab94c-96ef-433d-9753-44336a67f2d5%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVcc50Rg4HO2797kEXNOjVUeiS2%3D8t%2Bb%2BXq0pVNhPNx18w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2019-04-25 Thread Hello Universe 
How to use installed certificates from win8 using signtool?

On Thursday, August 27, 2015 at 10:51:29 PM UTC+8, Ed of the Mountain wrote:
>
> When I try to code sign in my Jenkins job I receive a SignTool error:
>
>
> c:\jenkins\workspace\codesign-windows>
>
> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe 
>
> SignTool Error: No certificates were found that met all the given criteria.
>
>
> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
> USB token be connected to the build machine.  This works fine when logged on 
> as normal user.
>
>
>- I am running Jenkins as a Windows service.
>- Service Log On is set to Local System account.
>- Service is *allowed to interact with desktop.*
>
>
>
> When I logon as a normal user to the build machine, it works fine.
>
>
> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>
> 2 - This triggers a pop-up "Token Logon" dialog that requires user interaction
>
> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
> enters password.
>
> 4 - Code is signed automatically
>
>
> C:\jenkins\workspace\codesign-windows>signtool sign /t 
> http://timestamp.digicert
> .com /n "The Charles Machine Works, Inc." token-logon.exe
> Done Adding Additional Store
> Successfully signed: token-logon.exe
>
>
> Any suggestions to try are much appreciated,
>
>
> -Ed
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/5c8ab94c-96ef-433d-9753-44336a67f2d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2017-01-23 Thread 'HaPe' via Jenkins Users 
Hi Ed,

at present I have the same problem like you with Jenkins and signing 
certificates.
I use Certificate Token usb stick from GlobalSign.
I get the same error message and the behavior is the same like you above 
described. (signing works fine when I send the command via Admin console, 
Jenkins service runs as Admin...).

I am follows your advice and I have disabled the jenkins service and 
replaced it with slave-agent.jnlp
Unfortunately I get the same error message after restart node and build 
project:
No certificates were found that met all the given criteria.


This ist the starting message:
[01/23/17 10:37:50] Launching agent
$ "C:\Program Files (x86)\Jenkins\jre\bin"\java.exe -jar "C:\Program Files 
(x86)"\Jenkins\slave.jar
<===[JENKINS REMOTING CAPACITY]===>channel started
Slave.jar version: 3.3
This is a Windows agent
Agent successfully connected and online...


Do you have any suggestions to solve my problem?
Have start the slave node with jenkins?
Needs the windows agent special rights?

HaPe


Am Donnerstag, 27. August 2015 17:55:57 UTC+2 schrieb Ed of the Mountain:
>
> Solved.
>
> Disable jenkins service and replace with slave-agent.jnlp.
>
> Yay! I finally have automatic EV code signing!
>
> -Ed
>
>
> On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain wrote:
>>
>> When I try to code sign in my Jenkins job I receive a SignTool error:
>>
>>
>> c:\jenkins\workspace\codesign-windows>
>>
>> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe 
>>
>> SignTool Error: No certificates were found that met all the given criteria.
>>
>>
>> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
>> USB token be connected to the build machine.  This works fine when logged on 
>> as normal user.
>>
>>
>>- I am running Jenkins as a Windows service.
>>- Service Log On is set to Local System account.
>>- Service is *allowed to interact with desktop.*
>>
>>
>>
>> When I logon as a normal user to the build machine, it works fine.
>>
>>
>> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>
>> 2 - This triggers a pop-up "Token Logon" dialog that requires user 
>> interaction
>>
>> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
>> enters password.
>>
>> 4 - Code is signed automatically
>>
>>
>> C:\jenkins\workspace\codesign-windows>signtool sign /t 
>> http://timestamp.digicert
>> .com /n "The Charles Machine Works, Inc." token-logon.exe
>> Done Adding Additional Store
>> Successfully signed: token-logon.exe
>>
>>
>> Any suggestions to try are much appreciated,
>>
>>
>> -Ed
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/4a24a63e-0ea4-4f41-a308-72c364876f60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2016-04-22 Thread Vikram Parthasarathy 
My dongle is from Symantec. When I spoke to them about this last year, they
didn't have much help to offer. Please let me know if you find something.

On Fri, Apr 22, 2016 at 3:37 PM, Tim Mills <
tmi...@citystateentertainment.com> wrote:

> My understanding was that a certain category of Safenet dongles could be
> configured to be "rdp enabled" though I'm not certain this is something
> digicert, or the dongles they issue, are capable of.  My hope was that Ed's
> solution would magically circumvent this limitation.  I'm also in the
> process of talking to verisign/symantec to see if their hardware solution
> handles jenkins/CI any better.
>
> On 4/22/2016 4:33 PM, Vikram Parthasarathy wrote:
>
> I've had the same experience. The dongle cannot be used from an RDP
> session. And RDPing into the machine will require the password to be
> re-entered. I spoke to the vendor (Safenet) and they said RDP is not
> supported and it was intentionally done for security purposes.
>
> On Fri, Apr 22, 2016 at 3:20 PM, Tim Mills <
> tmi...@citystateentertainment.com> wrote:
>
>> I'm investigating this solution and I'm curious if you know if RDPing
>> into the box will cause bad things to happen?  My experience has been that
>> the dongle doesn't work for RDP users and each time I RDP into the box I
>> have to re-enter the password by logging into a local session.  I'm worried
>> that this would cause code signing to fail if a build happens to sign while
>> someone is RDPd in.
>>
>> On Thursday, August 27, 2015 at 11:55:57 AM UTC-4, Ed of the Mountain
>> wrote:
>>>
>>> Solved.
>>>
>>> Disable jenkins service and replace with slave-agent.jnlp.
>>>
>>> Yay! I finally have automatic EV code signing!
>>>
>>> -Ed
>>>
>>>
>>> On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain
>>> wrote:

 When I try to code sign in my Jenkins job I receive a SignTool error:

  c:\jenkins\workspace\codesign-windows>

 signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe

 SignTool Error: No certificates were found that met all the given criteria.

 I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
 USB token be connected to the build machine.  This works fine when logged 
 on as normal user.

- I am running Jenkins as a Windows service.
- Service Log On is set to Local System account.
- Service is *allowed to interact with desktop.*

 When I logon as a normal user to the build machine, it works fine.

 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe

 2 - This triggers a pop-up "Token Logon" dialog that requires user 
 interaction

 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
 enters password.

 4 - C
 ode is signed automatically

 C:\jenkins\workspace\codesign-windows>signtool sign /t 
 http://timestamp.digicert
 .com /n "The Charles Machine Works, Inc." token-logon.exe
 Done Adding Additional Store
 Successfully signed: token-logon.exe

 Any suggestions to try are much appreciated,

 -Ed

 --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Jenkins Users" group.
>> To unsubscribe from this topic, visit
>> 
>> https://groups.google.com/d/topic/jenkinsci-users/RQyUWZilrRE/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> jenkinsci-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> 
>> https://groups.google.com/d/msgid/jenkinsci-users/91f3155f-6b7c-4b39-b8c0-db31a0f7d008%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Jenkins Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-users/RQyUWZilrRE/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> 
> https://groups.google.com/d/msgid/jenkinsci-users/CADE%2BD%2BVq8CepSpWLmYpqM05q6aOFFc-cZFfj0NwZUcYT%2B%2BRteg%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Jenkins Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-users/RQyUWZilrRE/unsubscri

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2016-04-22 Thread Tim Mills 
My understanding was that a certain category of Safenet dongles could be 
configured to be "rdp enabled" though I'm not certain this is something 
digicert, or the dongles they issue, are capable of. My hope was that 
Ed's solution would magically circumvent this limitation.  I'm also in 
the process of talking to verisign/symantec to see if their hardware 
solution handles jenkins/CI any better.


On 4/22/2016 4:33 PM, Vikram Parthasarathy wrote:
I've had the same experience. The dongle cannot be used from an RDP 
session. And RDPing into the machine will require the password to be 
re-entered. I spoke to the vendor (Safenet) and they said RDP is not 
supported and it was intentionally done for security purposes.


On Fri, Apr 22, 2016 at 3:20 PM, Tim Mills 
> wrote:


I'm investigating this solution and I'm curious if you know if
RDPing into the box will cause bad things to happen?  My
experience has been that the dongle doesn't work for RDP users and
each time I RDP into the box I have to re-enter the password by
logging into a local session.  I'm worried that this would cause
code signing to fail if a build happens to sign while someone is
RDPd in.

On Thursday, August 27, 2015 at 11:55:57 AM UTC-4, Ed of the
Mountain wrote:

Solved.

Disable jenkins service and replace with slave-agent.jnlp.

Yay! I finally have automatic EV code signing!

-Ed


On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the
Mountain wrote:

When I try to code sign in my Jenkins job I receive a
SignTool error:

c:\jenkins\workspace\codesign-windows>

signtool sign /thttp://timestamp.digicert.com 
  /n "Acme Inc." code.exe

SignTool Error: No certificates were found that met all the given 
criteria.

I am using a DigiCert Extend Validation ( EV ) USB token
that requires the USB token be connected to the build
machine.  This works fine when logged on as normal user.

  * I am running Jenkins as a Windows service.
  * Service Log On is set to Local System account.
  * Service is *_allowed to interact with desktop._*

When I logon as a normal user to the build machine, it works fine.

1 - signtool sign /thttp://timestamp.digicert.com 
  /n "Acme Inc." code.exe

2 - This triggers a pop-up "Token Logon" dialog that requires user 
interaction

3 - I have a separate "Token Logon" watcher that finds the WIndows 
ID and enters password.

4 - Code is signed automatically

C:\jenkins\workspace\codesign-windows>signtool sign /t
http://timestamp.digicert .com /n "The Charles Machine
Works, Inc." token-logon.exe Done Adding Additional Store
Successfully signed: token-logon.exe

Any suggestions to try are much appreciated,

-Ed

-- 
You received this message because you are subscribed to a topic in

the Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/jenkinsci-users/RQyUWZilrRE/unsubscribe.
To unsubscribe from this group and all its topics, send an email
to jenkinsci-users+unsubscr...@googlegroups.com
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/jenkinsci-users/91f3155f-6b7c-4b39-b8c0-db31a0f7d008%40googlegroups.com

.
For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to a topic in the 
Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit 
https://groups.google.com/d/topic/jenkinsci-users/RQyUWZilrRE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
jenkinsci-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CADE%2BD%2BVq8CepSpWLmYpqM05q6aOFFc-cZFfj0NwZUcYT%2B%2BRteg%40mail.gmail.com 
.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Jenkins 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/je

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2016-04-22 Thread Vikram Parthasarathy 
I've had the same experience. The dongle cannot be used from an RDP
session. And RDPing into the machine will require the password to be
re-entered. I spoke to the vendor (Safenet) and they said RDP is not
supported and it was intentionally done for security purposes.

On Fri, Apr 22, 2016 at 3:20 PM, Tim Mills <
tmi...@citystateentertainment.com> wrote:

> I'm investigating this solution and I'm curious if you know if RDPing into
> the box will cause bad things to happen?  My experience has been that the
> dongle doesn't work for RDP users and each time I RDP into the box I have
> to re-enter the password by logging into a local session.  I'm worried that
> this would cause code signing to fail if a build happens to sign while
> someone is RDPd in.
>
> On Thursday, August 27, 2015 at 11:55:57 AM UTC-4, Ed of the Mountain
> wrote:
>>
>> Solved.
>>
>> Disable jenkins service and replace with slave-agent.jnlp.
>>
>> Yay! I finally have automatic EV code signing!
>>
>> -Ed
>>
>>
>> On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain
>> wrote:
>>>
>>> When I try to code sign in my Jenkins job I receive a SignTool error:
>>>
>>>
>>> c:\jenkins\workspace\codesign-windows>
>>>
>>> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>>
>>> SignTool Error: No certificates were found that met all the given criteria.
>>>
>>>
>>> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
>>> USB token be connected to the build machine.  This works fine when logged 
>>> on as normal user.
>>>
>>>
>>>- I am running Jenkins as a Windows service.
>>>- Service Log On is set to Local System account.
>>>- Service is *allowed to interact with desktop.*
>>>
>>>
>>>
>>> When I logon as a normal user to the build machine, it works fine.
>>>
>>>
>>> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>>
>>> 2 - This triggers a pop-up "Token Logon" dialog that requires user 
>>> interaction
>>>
>>> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
>>> enters password.
>>>
>>> 4 - Code is signed automatically
>>>
>>>
>>> C:\jenkins\workspace\codesign-windows>signtool sign /t 
>>> http://timestamp.digicert
>>> .com /n "The Charles Machine Works, Inc." token-logon.exe
>>> Done Adding Additional Store
>>> Successfully signed: token-logon.exe
>>>
>>>
>>> Any suggestions to try are much appreciated,
>>>
>>>
>>> -Ed
>>>
>>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Jenkins Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-users/RQyUWZilrRE/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/91f3155f-6b7c-4b39-b8c0-db31a0f7d008%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CADE%2BD%2BVq8CepSpWLmYpqM05q6aOFFc-cZFfj0NwZUcYT%2B%2BRteg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2016-04-22 Thread Tim Mills 
I'm investigating this solution and I'm curious if you know if RDPing into 
the box will cause bad things to happen?  My experience has been that the 
dongle doesn't work for RDP users and each time I RDP into the box I have 
to re-enter the password by logging into a local session.  I'm worried that 
this would cause code signing to fail if a build happens to sign while 
someone is RDPd in.

On Thursday, August 27, 2015 at 11:55:57 AM UTC-4, Ed of the Mountain wrote:
>
> Solved.
>
> Disable jenkins service and replace with slave-agent.jnlp.
>
> Yay! I finally have automatic EV code signing!
>
> -Ed
>
>
> On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain wrote:
>>
>> When I try to code sign in my Jenkins job I receive a SignTool error:
>>
>>
>> c:\jenkins\workspace\codesign-windows>
>>
>> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe 
>>
>> SignTool Error: No certificates were found that met all the given criteria.
>>
>>
>> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
>> USB token be connected to the build machine.  This works fine when logged on 
>> as normal user.
>>
>>
>>- I am running Jenkins as a Windows service.
>>- Service Log On is set to Local System account.
>>- Service is *allowed to interact with desktop.*
>>
>>
>>
>> When I logon as a normal user to the build machine, it works fine.
>>
>>
>> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>
>> 2 - This triggers a pop-up "Token Logon" dialog that requires user 
>> interaction
>>
>> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
>> enters password.
>>
>> 4 - Code is signed automatically
>>
>>
>> C:\jenkins\workspace\codesign-windows>signtool sign /t 
>> http://timestamp.digicert
>> .com /n "The Charles Machine Works, Inc." token-logon.exe
>> Done Adding Additional Store
>> Successfully signed: token-logon.exe
>>
>>
>> Any suggestions to try are much appreciated,
>>
>>
>> -Ed
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/91f3155f-6b7c-4b39-b8c0-db31a0f7d008%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2016-04-01 Thread Quentin Silvestre 
Hi Ed,

I want to sign my code with an EV certificate but I don't know if I have to 
change my configuration:
Jenkins master is on a windows server on a Virtual Machine of our provider.
To build our code we use a VM windows 8.1 and a real Mac.
To avoid multiple computer, the  VM windows 8.1 is a VMWare image running 
on the Mac OS.
When I plug the token on the mac, I can tell VMWare to plug the token on 
the virtual machine.

Now on jenkins side, the windows slave is connected with JavaWebStart and I 
installed a service.

I have the same error as you.

SignTool Error: No certificates were found that met all the given criteria.


What is slave-agent.jnlp you think that could be the problem?

or I must have windows 8.1 on a real computer?


Thanks

-Quentin



Le jeudi 27 août 2015 17:55:57 UTC+2, Ed of the Mountain a écrit :
>
> Solved.
>
> Disable jenkins service and replace with slave-agent.jnlp.
>
> Yay! I finally have automatic EV code signing!
>
> -Ed
>
>
> On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain wrote:
>>
>> When I try to code sign in my Jenkins job I receive a SignTool error:
>>
>>
>> c:\jenkins\workspace\codesign-windows>
>>
>> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe 
>>
>> SignTool Error: No certificates were found that met all the given criteria.
>>
>>
>> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
>> USB token be connected to the build machine.  This works fine when logged on 
>> as normal user.
>>
>>
>>- I am running Jenkins as a Windows service.
>>- Service Log On is set to Local System account.
>>- Service is *allowed to interact with desktop.*
>>
>>
>>
>> When I logon as a normal user to the build machine, it works fine.
>>
>>
>> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>
>> 2 - This triggers a pop-up "Token Logon" dialog that requires user 
>> interaction
>>
>> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
>> enters password.
>>
>> 4 - Code is signed automatically
>>
>>
>> C:\jenkins\workspace\codesign-windows>signtool sign /t 
>> http://timestamp.digicert
>> .com /n "The Charles Machine Works, Inc." token-logon.exe
>> Done Adding Additional Store
>> Successfully signed: token-logon.exe
>>
>>
>> Any suggestions to try are much appreciated,
>>
>>
>> -Ed
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/db1bc4ae-fb2b-4811-b5db-9b1610cba74e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2016-03-09 Thread Patrick van der Velde 
We have had the same issue but with our TFS build system and in our case 
the issue is that the certificate is installed in the machine cert store. 
Unless the user is an administrator it cannot read from that store normally 
so we solved it by giving the build server user (which ever user runs the 
service) read access to the certificate that we want to use to sign our 
binaries.

regards

Petrik

On Thursday, 10 March 2016 10:27:51 UTC+13, Steve Sanders wrote:
>
> Does that mean you have to use a slave? New to Jenkins and am struggling 
> to use our EV codesigning. Thanks.
>
> On Thursday, August 27, 2015 at 8:55:57 AM UTC-7, Ed of the Mountain wrote:
>>
>> Solved.
>>
>> Disable jenkins service and replace with slave-agent.jnlp.
>>
>> Yay! I finally have automatic EV code signing!
>>
>> -Ed
>>
>>
>> On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain 
>> wrote:
>>>
>>> When I try to code sign in my Jenkins job I receive a SignTool error:
>>>
>>>
>>> c:\jenkins\workspace\codesign-windows>
>>>
>>> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe 
>>>
>>> SignTool Error: No certificates were found that met all the given criteria.
>>>
>>>
>>> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
>>> USB token be connected to the build machine.  This works fine when logged 
>>> on as normal user.
>>>
>>>
>>>- I am running Jenkins as a Windows service.
>>>- Service Log On is set to Local System account.
>>>- Service is *allowed to interact with desktop.*
>>>
>>>
>>>
>>> When I logon as a normal user to the build machine, it works fine.
>>>
>>>
>>> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>>
>>> 2 - This triggers a pop-up "Token Logon" dialog that requires user 
>>> interaction
>>>
>>> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
>>> enters password.
>>>
>>> 4 - Code is signed automatically
>>>
>>>
>>> C:\jenkins\workspace\codesign-windows>signtool sign /t 
>>> http://timestamp.digicert
>>> .com /n "The Charles Machine Works, Inc." token-logon.exe
>>> Done Adding Additional Store
>>> Successfully signed: token-logon.exe
>>>
>>>
>>> Any suggestions to try are much appreciated,
>>>
>>>
>>> -Ed
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/7c274f59-b099-4399-9833-1a8a3db38fc7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2016-03-09 Thread Steve Sanders 
Does that mean you have to use a slave? New to Jenkins and am struggling to 
use our EV codesigning. Thanks.

On Thursday, August 27, 2015 at 8:55:57 AM UTC-7, Ed of the Mountain wrote:
>
> Solved.
>
> Disable jenkins service and replace with slave-agent.jnlp.
>
> Yay! I finally have automatic EV code signing!
>
> -Ed
>
>
> On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain wrote:
>>
>> When I try to code sign in my Jenkins job I receive a SignTool error:
>>
>>
>> c:\jenkins\workspace\codesign-windows>
>>
>> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe 
>>
>> SignTool Error: No certificates were found that met all the given criteria.
>>
>>
>> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
>> USB token be connected to the build machine.  This works fine when logged on 
>> as normal user.
>>
>>
>>- I am running Jenkins as a Windows service.
>>- Service Log On is set to Local System account.
>>- Service is *allowed to interact with desktop.*
>>
>>
>>
>> When I logon as a normal user to the build machine, it works fine.
>>
>>
>> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>>
>> 2 - This triggers a pop-up "Token Logon" dialog that requires user 
>> interaction
>>
>> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
>> enters password.
>>
>> 4 - Code is signed automatically
>>
>>
>> C:\jenkins\workspace\codesign-windows>signtool sign /t 
>> http://timestamp.digicert
>> .com /n "The Charles Machine Works, Inc." token-logon.exe
>> Done Adding Additional Store
>> Successfully signed: token-logon.exe
>>
>>
>> Any suggestions to try are much appreciated,
>>
>>
>> -Ed
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/95a3341e-8b3f-4426-9ea8-64dc6023ef3b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2016-02-24 Thread Ed of the Mountain 
Each slave has it's own USB DigiCert token.

   - I have multiple Jenkins slaves running on a common virtual machine 
   host.
   - I have 1 dedicated USB DigiCert token dedicated to the Windows build 
   slave VM
   - I have a second dedicated USB DigiCert token dedicated to the OS X 
   build slave VM
   
VMware Workstate / Fusion or ESXi make it easy to share a USB token with a 
specific VM.  

As far as I know, you cannot connect the same USB token with multiple VMs.

However, additional DigiCert tokens are only $25.

-Ed

My Windows slave has a pop-up watcher to automatically logon written in C# 
as a console app:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Diagnostics;
using System.Threading;



// System.Windows.Automation needs add reference to:
// C:\Program Files\Reference 
Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll
// C:\Program Files\Reference 
Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll
using System.Windows.Automation;


namespace token_logon
{
class Program
{
static int SatisfyEverySafeNetTokenPasswordRequest(string password)
{
int errorCode = 1;

bool exitLoop = false;
int count = 0;

Automation.AddAutomationEventHandler(WindowPattern.WindowOpenedEvent, 
AutomationElement.RootElement, TreeScope.Children, (sender, e) =>
{
var element = sender as AutomationElement;
if (element.Current.Name == "Token Logon")
{
WindowPattern pattern = 
(WindowPattern)element.GetCurrentPattern(WindowPattern.Pattern);
pattern.WaitForInputIdle(1);
var edit = element.FindFirst(TreeScope.Descendants, new 
AndCondition(
new 
PropertyCondition(AutomationElement.ControlTypeProperty, ControlType.Edit),
new PropertyCondition(AutomationElement.NameProperty, 
"Token Password:")));

var ok = element.FindFirst(TreeScope.Descendants, new 
AndCondition(
new 
PropertyCondition(AutomationElement.ControlTypeProperty, ControlType.Button),
new PropertyCondition(AutomationElement.NameProperty, 
"OK")));

if (edit != null && ok != null)
{
count++;
ValuePattern vp = 
(ValuePattern)edit.GetCurrentPattern(ValuePattern.Pattern);
vp.SetValue(password);
Console.WriteLine("SafeNet window (count: " + count + " 
window(s)) detected. Setting password...");

InvokePattern ip = 
(InvokePattern)ok.GetCurrentPattern(InvokePattern.Pattern);
ip.Invoke();

// Signal do loop to exit
// If wanted to get fancey, we could look for a 
password failed window
// and wait 1 second to see if "Token Logon" closes 
exitLoop = true;
errorCode = 0;
}
else
{
Console.WriteLine("SafeNet window detected but not with 
edit and button...");
}
}
});


Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
while (false == exitLoop)
{
Thread.Sleep(100);
if (10 < stopwatch.Elapsed.TotalSeconds)
{
exitLoop = true;
}
}



// Throws exception when console is hidden
//while (false == exitLoop)
//{

//if (Console.KeyAvailable)
//{
//ConsoleKeyInfo key = Console.ReadKey(true);
//switch (key.Key)
//{
//case ConsoleKey.Q:
//Console.WriteLine("Quit...");
//exitLoop = true;
//break;
//default:
//break;
//}

//}
//// Do something more useful
//}

Automation.RemoveAllEventHandlers();

return errorCode;
}

static void DisplayUsage()
{
Console.WriteLine("Usage: You must start token-logon.exe in it's 
own process *before* calling signtool\n");

Console.WriteLine("Batch Example:");
Console.WriteLine("--");
Console.WriteLine("start token-logon.exe myPaswd");
Console.WriteLine("echo Use ping as delay to make sure 
token-logon.exe is started");
Console.WriteLine("ping 127.0.0.1 -n 2 > nul");
Console.WriteLine("signtool sign /t http://timestamp.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2015-10-02 Thread Vikram Parthasarathy 
Not related to Jenkins - I'm trying exactly the same thing with an IIS 
server and ran into the same problem. No luck yet.

By the way, the Symantec EV certificate/USB token has a way to enable 
single sign-on. I wonder if Digicert has something like that.

On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain wrote:
>
> When I try to code sign in my Jenkins job I receive a SignTool error:
>
>
> c:\jenkins\workspace\codesign-windows>
>
> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe 
>
> SignTool Error: No certificates were found that met all the given criteria.
>
>
> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
> USB token be connected to the build machine.  This works fine when logged on 
> as normal user.
>
>
>- I am running Jenkins as a Windows service.
>- Service Log On is set to Local System account.
>- Service is *allowed to interact with desktop.*
>
>
>
> When I logon as a normal user to the build machine, it works fine.
>
>
> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>
> 2 - This triggers a pop-up "Token Logon" dialog that requires user interaction
>
> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
> enters password.
>
> 4 - Code is signed automatically
>
>
> C:\jenkins\workspace\codesign-windows>signtool sign /t 
> http://timestamp.digicert
> .com /n "The Charles Machine Works, Inc." token-logon.exe
> Done Adding Additional Store
> Successfully signed: token-logon.exe
>
>
> Any suggestions to try are much appreciated,
>
>
> -Ed
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/565e1177-8016-49d8-99ad-f2d84ae03da0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2015-09-01 Thread Giuseppe Tamburello 

>
>
>> Hi Ed... thanks for posting your solution, I was running into a similar 
issue when initially setting up the EV cert; but I have a quick question 
for you... does your Jenkins environment have multiple slaves, and is the 
'signing' dedicated to a single slave machine or are you able to sign from 
multiple slave machine (while only having a single EV cert). Basically, 
we're moving from using a .pfx file for signing to 'the future' of using 
the EV USB dongle, and I'm not able to get jobs to successfully sign a file 
from Slave-A on Slave-B (being that Slave-B has the USB dongle connected to 
it) have you run into this?

Thanks in advance,
-joe

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/bd44ade9-b66a-4084-a41a-787aff5dcad5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2015-08-27 Thread Ed of the Mountain 
Solved.

Disable jenkins service and replace with slave-agent.jnlp.

Yay! I finally have automatic EV code signing!

-Ed


On Thursday, August 27, 2015 at 9:51:29 AM UTC-5, Ed of the Mountain wrote:
>
> When I try to code sign in my Jenkins job I receive a SignTool error:
>
>
> c:\jenkins\workspace\codesign-windows>
>
> signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe 
>
> SignTool Error: No certificates were found that met all the given criteria.
>
>
> I am using a DigiCert Extend Validation ( EV ) USB token that requires the 
> USB token be connected to the build machine.  This works fine when logged on 
> as normal user.
>
>
>- I am running Jenkins as a Windows service.
>- Service Log On is set to Local System account.
>- Service is *allowed to interact with desktop.*
>
>
>
> When I logon as a normal user to the build machine, it works fine.
>
>
> 1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe
>
> 2 - This triggers a pop-up "Token Logon" dialog that requires user interaction
>
> 3 - I have a separate "Token Logon" watcher that finds the WIndows ID and 
> enters password.
>
> 4 - Code is signed automatically
>
>
> C:\jenkins\workspace\codesign-windows>signtool sign /t 
> http://timestamp.digicert
> .com /n "The Charles Machine Works, Inc." token-logon.exe
> Done Adding Additional Store
> Successfully signed: token-logon.exe
>
>
> Any suggestions to try are much appreciated,
>
>
> -Ed
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/94d6f603-fad3-4c76-ade9-4dc8a771434c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Under Jenkins SignTool Error "No certificates were found", works fine logged on as user

2015-08-27 Thread Eddie Sutton 
When I try to code sign in my Jenkins job I receive a SignTool error:


c:\jenkins\workspace\codesign-windows>

signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe

SignTool Error: No certificates were found that met all the given criteria.


I am using a DigiCert Extend Validation ( EV ) USB token that requires
the USB token be connected to the build machine.  This works fine when
logged on as normal user.


   - I am running Jenkins as a Windows service.
   - Service Log On is set to Local System account.
   - Service is *allowed to interact with desktop.*



When I logon as a normal user to the build machine, it works fine.


1 - signtool sign /t http://timestamp.digicert.com /n "Acme Inc." code.exe

2 - This triggers a pop-up "Token Logon" dialog that requires user interaction

3 - I have a separate "Token Logon" watcher that finds the WIndows ID
and enters password.

4 - Code is signed automatically


C:\jenkins\workspace\codesign-windows>signtool sign /t http://timestamp.digicert
.com /n "The Charles Machine Works, Inc." token-logon.exe
Done Adding Additional Store
Successfully signed: token-logon.exe


Any suggestions to try are much appreciated,


-Ed

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CAKas9SSxA2i%2BggCz1Y5CwUe%3DRCUa6Sagmj-p6hcWed-aBhv%3D4Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.