I have learned what the answer is to this problem. The TFS job runs under a system service, which runs under a system account. Thus, I'd have to run PowerShell as that user. I did later. I was able at that point to see the certificates.
Why am I unable to list the certificates on a server?
I'm working on trying to move some of our TFS build and release processes, to Azure DevOps Services (ADS). Some of the apps I'm migrating to ADS are WPF apps, which we want to sign. The WPF apps are deployed using ClickOnce deployment. The former TFS Administrator wrote a PowerShell script, to handle signing the unsigned binaries during the release process.
My PowerShell skills are small, but I can follow my former colleagues code reasonably well. Here's a code snippet from the PowerShell script that's used in the TFS Release process for getting the signing cert:
# Get the signing cert
$cert = ls cert:\ -Recurse -CodeSigningCert | ? {$_.Verify()} | Select -First 1
$cert
$hash = $cert.GetCertHashString()
I remoted onto that server (a Windows Server 2012 R2 server), got into a PowerShell prompt, then ran just the first portion of the script (without assigning it to a temporary variable):
ls cert:\ -Recurse -CodeSigningCert | ? {$_.Verify()} | Select -First 1
When I did, nothing happened. This is the TFS build server. Why is it that I couldn't see any of the certificates on that server? I even did this:
ls cert:\ -Recurse -CodeSigningCert | ? {$_.Verify()} | Select -First 1 > tmp.txt
with no success. The file tmp.txt was created, but it was empty. What am I doing wrong? How do I get a listing of the certs on that server? And of course eventually I'm going to want to extract the necessary cert so I can put it into a Secure File in an ADS Pipeline.
2 additional answers
Sort by: Most helpful
-
Anonymous
2021-01-13T17:11:56.063+00:00 Devops / TFS is not currently supported here on QnA. The product group for Azure DevOps / TFS actively monitors questions over at
https://developercommunity.visualstudio.com/spaces/21/index.html
https://developercommunity.visualstudio.com/spaces/22/index.html--please don't forget to Accept as answer if the reply is helpful--
-
Rich Matheisen 46,796 Reputation points
2021-01-13T20:14:41.877+00:00 Try removing the "\" from the path. I.e., try just "cert:" I tried both and they both worked. SO, perhaps it's that the "Where-Object" is receiving a "$False" value from the objects Verify method.