Clever Geek Handbook

Visual studio service command deploymen / buildt certificate error

I am trying to build a one-off application using continuous integration and deployment functionality in VSTS (Visual Studio team Online services). We are trying to create this using the Hosted Visual Studio 2015 agent. We are having difficulty signing a strong key to a key file with an error

MSB3326: Cannot import the following key file: xxxx.snk. The key file may be password protected. To correct this, try to import the certificate again or import the certificate manually into the current user personal certificate store.

And after that

MSB3321: Importing key file "xxxx.pfx" was canceled.

I tried both to select from the store and from the file, changing the location and making a commit of course, but without success. Any ideas how I can overcome these errors or what I am doing wrong.

Clicking on the selected answer

Just wanted to clarify if anyone else has the same problem, in addition to the answer, I had to put my certificate in my control source and commit it. Then, to select its location, add a global variable to VSTS Build

enter image description here

$cert.Import("$(CertPath)", $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")

Where $ (CertPath) would be something like $(Build.SourcesDirectory)\SharedSolutionFiles\CertificateName.pfx

+3


source to share


2 answers


You can create a PowerShell script and add a PowerShell script step to your build definition to import the certificate file before the VSBuild stage.

Build fails without PowerShell import certificate Step: enter image description here

Build with PowerShell Import Certificate Step: enter image description here



The PowerShell script I used:

$pfxpath = 'pathtoees.pfx'
$password = 'password'

Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()
+4


source


The best way is that you can configure for the premise build agent and import the certificate into the certificate store, then change the build agent service account to the same account.



+1


source






More articles:


All Articles