I've already got AI code-signing working fine with our old .PFX certificate file and password (stored in Azure DevOps and downloaded at build time). Below is our old pipeline step that works with our old certificate, where no dongle was needed.
Code:
- task: AdvancedInstaller@2
  displayName: 'Build Installer'
  inputs:
    advinstLicense: '******'
    aipPath: '$(appFolder)/Installer/MyApp.aip'
    aipExtraCommands:
      'SetDigitalCertificateFile -file $(codeSignCertificate.secureFilePath) -password $(signingPassword)'
So with this new one, I cannot get a .PFX file, just a .CER file. So here's what I've tried:
1. Just use the .CER file in place of the old .PFX
I know that the .CER file does not need to be protected but I tried to make my pipeline download/use THAT in place of the old .PFX file. But the AI Build step complained "Invalid PFX File!". So I guess I cannot use a .CER file there.
2. Follow the instructions (haha) and just specify the password
Next I found this page with instructions here for EV code-signing
https://www.advancedinstaller.com/user- ... gning.html
This works fine if I just manually build the installer with AI, but it requires me to enter the password. And the only options it gives me are to either manually enter the password once (not an option for a pipeline) or to "store encrypted password in project file". I don't want to do that either. I want to keep my password in DevOps pipeline variables and to continue to specify it in my AI Pipeline build task. I tried to do it like this:
Code:
    aipExtraCommands:
      'SetDigitalCertificatePassword -password $(signingPassword)'
3. Try to use the encrypted password in the AI project File
Finally I gave in and chose the option to "store encrypted password". I built locally, typed it in and it worked fine. So I completely removed the entire aipExtraCommands section from my pipeline YAML (no need to specify a password or file if the info is all in the .AIP file, right?), checked it all in and kicked off a new build. But when I then do a build through the pipeline, the same build fails. Only this time the error message is as follows:
Code:
The digital signing of the APPDIR\gshostid_v143.exe file failed. Error message: 'SignTool Error: No certificates were found that met all the given criteria.
Certificate "3dafd32c5dfa8cca83c3f799a7d1b29d2e495b1c" is missing from store!
1. Can someone tell me what I am doing wrong?
2. Is it possible to do this without storing the encrypted password in the project file?
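The SignTool error quoted in the post means no certificate with that thumbprint was visible in the certificate stores of the account running the build. A diagnostic pipeline step for that condition, as an added example that is not part of the original post or of Advanced Installer; the list of stores to check and the script layout are assumptions:

```powershell
# Added diagnostic (not from the original post). Run it as a pipeline step
# before the Advanced Installer task, on the same agent and account.
param(
    # Thumbprint SignTool was asked for; default is the value from the error in the post.
    [string]$Thumbprint = '3dafd32c5dfa8cca83c3f799a7d1b29d2e495b1c'
)

$ErrorActionPreference = 'Stop'

# Strip spaces and invisible characters that often get copied from the certificate dialog.
$wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($wanted.Length -ne 40) {
    throw "Expected a 40-hex-digit SHA-1 thumbprint, got '$Thumbprint'."
}

# The build may run under a different account than the one that signed locally.
Write-Host "Agent: $env:COMPUTERNAME"
Write-Host "Running as: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"

# Assumption: only the personal stores of the current user and the machine are relevant.
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $wanted } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, NotAfter, HasPrivateKey
}

if (-not $found) {
    # Azure DevOps logging command: surfaces the message as a build error.
    Write-Host "##vso[task.logissue type=error]Certificate $wanted is not in any checked store."
    exit 1
}

$found | Format-List

# HasPrivateKey only says the store entry references a key; for a token-held key
# the token must still be attached to this machine when signing happens.
$usable = $found | Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) }
if (-not $usable) {
    Write-Host "##vso[task.logissue type=error]Certificate found, but it is expired or has no private key reference."
    exit 1
}
Write-Host "Certificate $wanted is present with a private key reference."
```

Comparing the output of this step on the local machine and on the build agent shows whether the certificate is visible to the agent account at all.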