Why am I unable to list the certificates on a server?

Rod At Work 866 Reputation points
2021-01-13T17:02:36.937+00:00

I'm working on trying to move some of our TFS build and release processes to Azure DevOps Services (ADS). Some of the apps I'm migrating to ADS are WPF apps, which we want to sign. The WPF apps are deployed using ClickOnce deployment. The former TFS Administrator wrote a PowerShell script to handle signing the unsigned binaries during the release process.

My PowerShell skills are small, but I can follow my former colleague's code reasonably well. Here's a code snippet from the PowerShell script that's used in the TFS Release process for getting the signing cert:

# Get the signing cert
$cert = ls cert:\ -Recurse -CodeSigningCert | ? {$_.Verify()} | Select -First 1
$cert 
$hash = $cert.GetCertHashString()

I remoted onto that server (a Windows Server 2012 R2 server), got into a PowerShell prompt, then ran just the first portion of the script (without assigning it to a temporary variable):

ls cert:\ -Recurse -CodeSigningCert | ? {$_.Verify()} | Select -First 1

When I did, nothing happened. This is the TFS build server. Why is it that I couldn't see any of the certificates on that server? I even did this:

ls cert:\ -Recurse -CodeSigningCert | ? {$_.Verify()} | Select -First 1 > tmp.txt

with no success. The file tmp.txt was created, but it was empty. What am I doing wrong? How do I get a listing of the certs on that server? And of course eventually I'm going to want to extract the necessary cert so I can put it into a Secure File in an ADS Pipeline.


Accepted answer
  1. Rod At Work 866 Reputation points
    2021-01-14T16:35:41.613+00:00

    I have learned what the answer is to this problem. The TFS job runs under a system service, which runs under a system account. Thus, I'd have to run PowerShell as that user. I did later. I was able at that point to see the certificates.


2 additional answers

  1. Anonymous
    2021-01-13T17:11:56.063+00:00

    DevOps / TFS is not currently supported here on QnA. The product group for Azure DevOps / TFS actively monitors questions over at
    https://developercommunity.visualstudio.com/spaces/21/index.html
    https://developercommunity.visualstudio.com/spaces/22/index.html

    --please don't forget to Accept as answer if the reply is helpful--


  2. Rich Matheisen 46,796 Reputation points
    2021-01-13T20:14:41.877+00:00

    Try removing the "\" from the path. I.e., try just "cert:". I tried both and they both worked. So, perhaps it's that the "Where-Object" is receiving a "$False" value from the object's Verify method.

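A diagnostic sketch for the two explanations given in the answers above (the certificate lives in another account's store, or Verify() returns $False). This is an added example, not part of the original posts or the release script; it uses only the Cert: provider and .NET X509Chain, and the output property names are chosen here for illustration. Run it once in your own session and once under the account the build service uses, then compare the output.

```powershell
# Added example: show which account is looking at the certificate stores and
# report chain validation per certificate instead of silently filtering on Verify().

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Host "Running as: $identity"

foreach ($location in 'CurrentUser', 'LocalMachine') {
    $path  = "Cert:\$location"
    # CurrentUser is resolved per account, so this result differs between
    # an interactive admin session and the service account.
    $certs = @(Get-ChildItem -Path $path -Recurse -CodeSigningCert -ErrorAction SilentlyContinue)
    Write-Host "$path : $($certs.Count) code-signing certificate(s) found"

    foreach ($cert in $certs) {
        # Build the chain explicitly so the failure reasons are visible;
        # Verify() only returns $true or $false.
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)
        $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        [pscustomobject]@{
            Store         = $cert.PSParentPath -replace '^.*::', ''
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey   # must be True to sign with it
            VerifyResult  = $cert.Verify()
            ChainBuilt    = $chainOk
            ChainStatus   = $reasons              # empty when the chain is clean
        }
    }
}
```

A count of zero in one session and a non-zero count in the other points to a per-account store; a certificate that is listed with VerifyResult False points to chain validation, and ChainStatus names the reason.
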