Signing assemblies with PFX files in MSBuild, Team Build, and TFS

20
votes

I get this error when trying to build a project using Team Build (MSBuild) on TFS 2010:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets (1970):
Cannot import the following key file: CCC.pfx.
The key file may be password protected.

To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_C00C673BBB353901

C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets (1970):
Importing key file "CCC.pfx" was canceled.

It all builds OK in Visual Studio 2010. The assembly is signed with a PFX file. Usually in Visual Studio we are prompted for the password the first time we build, but then never again...

I've tried running:

sn -i companyname.pfx VS_KEY_3E185446540E7F7A

as other replies as suggested in Stack Overflow question Cannot import the keyfile 'blah.pfx' - error 'The keyfile may be password protected'. I've tried importing into the personal certificate store as suggested in Stack Overflow question Using MSBuild to sign ClickOnce or assembly results in error MSB3321. But all to no avail, still the same error.

How do I do it? Do I have to somehow add the certificate to the Windows account the build service runs under or something like that?

Alternatively, how do I make the build done in Team Build not use signing? I just want to check it compiles and run the unit tests. I don't need signing for that.

6
msbuildcode-signingtfsbuild

6 Answers

9
votes

You need to adapt this answer to your specific. Something like:

sn -i companyname.pfx VS_KEY_C00C673BBB353901
8
votes

What I did is not that elegant, but works: log in as the user that runs msbuild on the build machine, manually invoke msbuild, and then type in the password when prompted. It'll now be saved in that user's certificate store, and now the builds can run unattended.

5
votes

What finally fixed it for me was making the account under which TFS Build service runs an administrator on the local machine.

Don't know though if any of the other stuff I was trying before also needs to be done to get it working. But before it was admin it didn't work after it became admin it worked.

1
votes

I was getting the same error, and after reading your "administrator" comment - I just ran VS Command Prompt as Admin and it now works fine.

0
votes

I have faced similar issue

Scenario 1: While building project in local system

In my case i was getting the manifest signing error once i download the project from TFS and build it.

To avoid this issue I right clicked on the project ==> Properties ==> Signing then unchecked "Sign the ClickOnce Manifests"

OR

You can click Select from store button and select your login id from the dialog box open.

OR

You can install the PFX file manually and later click on More Options button to install those certificate.

Scenario 2:- Manifest error during Build

Here to resolve this error i first clicked Select from store button and select my login id from the dialog box .Then I committed that project in TFS first and then run the build.

0
votes

I had following settings:

<PropertyGroup>
  <SignAssembly>false</SignAssembly>
  <AssemblyOriginatorKeyFile>MyKey.pfx</AssemblyOriginatorKeyFile>
</PropertyGroup>

Assembly signing was turned off, but AssemblyOriginatorKeyFile caused error during manifest sign. Removed AssemblyOriginatorKeyFile to fix it.