I'm working on trying to move some of our TFS build and release processes to Azure DevOps Services (ADS). Some of the apps I'm migrating to ADS are WPF apps, which we want to sign. The WPF apps are deployed using ClickOnce deployment. The former TFS Administrator wrote a PowerShell script to handle signing the unsigned binaries during the release process.
My PowerShell skills are small, but I can follow my former colleague's code reasonably well. Here's a code snippet from the PowerShell script that's used in the TFS Release process for getting the signing cert:
```powershell
# Get the signing cert
$cert = ls cert:\ -Recurse -CodeSigningCert | ? {$_.Verify()} | Select -First 1
$cert
$hash = $cert.GetCertHashString()
```
I remoted onto that server (a Windows Server 2012 R2 server), got into a PowerShell prompt, then ran just the first portion of the script (without assigning it to a temporary variable):
```powershell
ls cert:\ -Recurse -CodeSigningCert | ? {$_.Verify()} | Select -First 1
```
When I did, nothing happened. This is the TFS build server. Why is it that I couldn't see any of the certificates on that server? I even did this:
```powershell
ls cert:\ -Recurse -CodeSigningCert | ? {$_.Verify()} | Select -First 1 > tmp.txt
```
with no success. The file tmp.txt was created, but it was empty. What am I doing wrong? How do I get a listing of the certs on that server? And of course eventually I'm going to want to extract the necessary cert so I can put it into a Secure File in an ADS Pipeline.
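
A diagnostic built on the pipeline quoted in the question, added here as an example and not part of the original post or the TFS script: it lists every code-signing certificate the current session can see without the `Verify()` filter, then reports per certificate whether `Verify()` passes and what the chain status is. The report property names are chosen for illustration; the `Cert:` drive only exposes the `CurrentUser` stores of the account running the session plus the `LocalMachine` stores.

```powershell
# Added diagnostic example (not from the original post).
# Step 1: enumerate code-signing certs WITHOUT the Verify() filter, so an empty
# result means "nothing visible to this account", not "nothing passed validation".
$certs = @(Get-ChildItem -Path Cert:\ -Recurse -CodeSigningCert)

if ($certs.Count -eq 0) {
    Write-Output "No code-signing certificates are visible to $([Environment]::UserName)."
    Write-Output "Cert:\CurrentUser is per-account; compare with the account the release runs under."
}
else {
    $now = Get-Date
    $report = foreach ($c in $certs) {
        # Step 2: Verify() only returns $true/$false, so build the chain
        # explicitly to see the reason when validation fails.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        [void]$chain.Build($c)

        [pscustomobject]@{
            Store         = ($c.PSParentPath -replace '^.*::', '')  # e.g. CurrentUser\My
            Subject       = $c.Subject
            Thumbprint    = $c.Thumbprint
            NotAfter      = $c.NotAfter
            Expired       = ($c.NotAfter -lt $now)
            HasPrivateKey = $c.HasPrivateKey   # needed for signing
            Verify        = $c.Verify()        # the filter used in the release script
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }

    # Step 3: show everything, passing or not, grouped by store.
    $report | Sort-Object Store, Subject | Format-List
}
```

An empty `ChainStatus` with `Verify` equal to `True` means the certificate would have passed the original filter; any other row shows which stage of the original pipeline dropped it.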