Cannot add certificate to Cert:\CurrentUser\My

VS2017 code signing (performed by a Cordova Windows build) expects the code signing certificate in Cert:\CurrentUser\My. Running this on a local machine works without problems, but on the Travis Windows environment it seems to be impossible because I cannot add the certificate to Cert:\CurrentUser\My.

I’ve tried adding the certificate in Travis with both certutil:

certutil -user -p mypassword -importpfx mycertificate.pfx

and with a powershell script:

Import-PfxCertificate -FilePath $Pfxpath -CertStoreLocation Cert:\CurrentUser\My -Password $Password

but both methods fail. It is possible to add the certificate to Cert:\LocalMachine\My but then VS2017 does not pick up the certificate and ends with a couple error messages.

warning APPX0105: Cannot import the key file 'mycertificate.pfx'. The key file may be password protected. To correct this, try to import the certificate manually into the current user's person al certificate store.
warning APPX0102: A certificate with thumbprint '1234567890123456789012345678901234567890' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.
warning APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478

Is there a way to fix this problem?

1 Like

Please include a build link. Copypasting things here gives incomplete information.

Sure, I understand. Give me some time to prepare a test case and I’ll share that over here.

As promised here is the test case and a couple build logs. In all cases the code signing step, or certificate import step fails.

Test case:

Code signing fails, no certificate imported:
https://travis-ci.org/rvanmil/travis-cordova-windows-test/builds/613472656
https://api.travis-ci.org/v3/job/613472657/log.txt

Code signing fails, certificate imported into LocalMachine:
https://travis-ci.org/rvanmil/travis-cordova-windows-test/builds/613476976
https://api.travis-ci.org/v3/job/613476977/log.txt

Code signing fails, certificate import into CurrentUser fails (certutil):
https://travis-ci.org/rvanmil/travis-cordova-windows-test/builds/613478576
https://api.travis-ci.org/v3/job/613478577/log.txt

Code signing fails, certificate import into CurrentUser fails (powershell):
https://travis-ci.org/rvanmil/travis-cordova-windows-test/builds/613479247
https://api.travis-ci.org/v3/job/613479248/log.txt

2 Likes

I got this to work with GitHub Actions, see here: https://github.com/apache/cordova-windows/issues/354#issuecomment-559611332

Okay, this one took a while.

@BanzaiMan @kris It looks like1 when preparing build VM’s image, you are cleaning out AppData\* directories. You should not do that for AppData\Roaming\Microsoft\Crypto – this is what is causing this error. It turns out, Win10’s rsaenh.dll, unlike Win7, is expecting to always find a couple of certain files there.


1Since Windows builder is not in https://github.com/travis-ci/travis-cookbooks/, I cannot say for sure – or offer a patch

Imprint