Visual studio service command deploymen / buildt certificate error
I am trying to build a one-off application using continuous integration and deployment functionality in VSTS (Visual Studio team Online services). We are trying to create this using the Hosted Visual Studio 2015 agent. We are having difficulty signing a strong key to a key file with an error
MSB3326: Cannot import the following key file: xxxx.snk. The key file may be password protected. To correct this, try to import the certificate again or import the certificate manually into the current user personal certificate store.
And after that
MSB3321: Importing key file "xxxx.pfx" was canceled.
I tried both to select from the store and from the file, changing the location and making a commit of course, but without success. Any ideas how I can overcome these errors or what I am doing wrong.
Clicking on the selected answer
Just wanted to clarify if anyone else has the same problem, in addition to the answer, I had to put my certificate in my control source and commit it. Then, to select its location, add a global variable to VSTS Build
$cert.Import("$(CertPath)", $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
Where $ (CertPath) would be something like $(Build.SourcesDirectory)\SharedSolutionFiles\CertificateName.pfx
source to share
You can create a PowerShell script and add a PowerShell script step to your build definition to import the certificate file before the VSBuild stage.
Build fails without PowerShell import certificate Step:
Build with PowerShell Import Certificate Step:
The PowerShell script I used:
$pfxpath = 'pathtoees.pfx'
$password = 'password'
Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()
source to share
The best way is that you can configure for the premise build agent and import the certificate into the certificate store, then change the build agent service account to the same account.
source to share