I just purchased a code signing cert (MS Authenticode) from Thawte and have apparently installed it on my build machine. I am logged in as a user and when I open a cmd prompt I can sign EXEs using the cert with signtool.exe.

Unfortunately, this same command line does not work in the Hudson process that is running on the machine.

The error message I get is:

SignTool Error: No certificates were found that met all the given criteria.

I presume this is because the Hudson service is running under a different account than the account that I ran signtool.exe from and from the account I used to get the cert from Thawte.

So, my question is: How do I fix this problem? I thought I was going to download a file from Thawte, but instead it just used IE somehow to install the cert in the user's cache magically. I probably want to export (or whatever the correct term is) to a file that I can store/save or use on any other machine.

How do I do that, and how do I call signtool correctly with either the file or the cert from another user in the system/services account?

A: 

I thought this would be a simple issue to resolve. Instead, it is turning into a Greek tragedy.

The provider, Thawte, apparently thinks it is useful to require all certificate actions to occur on the same machine and browser that the request was initiated from. Unfortunately, in my case I did it from a Windows 7 machine. Due to some MS nonsense, that means when I obtained the certificate I cannot export it with the private key. That is only possible on Win2000 and XP. So I need to use a 7-year-old OS to do something fundamental for my business. This is mind-blowing.

It turns out that now I am waiting for the third request of the certificate to be fulfilled.

Tim
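
A way to test the question's presumption that the Hudson service account simply cannot see the certificate, as an added example that is not part of the original posts. It assumes PowerShell 3.0 or later; the function name `Get-SigningCertVisibility` is made up for this illustration.

```powershell
# Added diagnostic, not from the original thread.
# Run it once from the interactive session where signtool.exe works and once
# as a Hudson build step, then compare the two outputs.
function Get-SigningCertVisibility {
    param(
        # Certificate store locations to inspect; "My" is the personal store.
        [string[]]$StoreLocation = @('CurrentUser', 'LocalMachine')
    )

    # The account this process really runs as (the service account under Hudson).
    $account = [Security.Principal.WindowsIdentity]::GetCurrent().Name

    foreach ($location in $StoreLocation) {
        $path = "Cert:\$location\My"

        # -CodeSigningCert limits results to certificates valid for code signing.
        $certs = @(Get-ChildItem -Path $path -CodeSigningCert -ErrorAction SilentlyContinue)

        if ($certs.Count -eq 0) {
            # Emit an explicit row so an empty store is visible in the build log.
            [pscustomobject]@{
                Account = $account; Store = $path; Subject = '(none found)'
                Thumbprint = $null; NotAfter = $null; HasPrivateKey = $false
            }
            continue
        }

        foreach ($cert in $certs) {
            [pscustomobject]@{
                Account       = $account
                Store         = $path
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                # Signing needs the private key, not just the public certificate.
                HasPrivateKey = $cert.HasPrivateKey
            }
        }
    }
}

Get-SigningCertVisibility | Format-Table -AutoSize
```

If the interactive run lists the certificate under `Cert:\CurrentUser\My` with `HasPrivateKey` true while the Hudson run shows `(none found)` for both stores, the certificate exists only in the installing user's store, which is consistent with the SignTool error quoted in the question.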
