Signtool: Since Windows 10 Update 1803: No certificates were found that met all the given criteria

Markus picture Markus · Jun 7, 2018 · Viewed 7.3k times · Source

I'm using signtool to sign my c# assemblies. Everything worked fine until Windows 10 1803 Update. Now as soon as a restart the Computer or even after suspending the Computer I get the error: No certificates were found that met all the given criteria.

If I import the certificate again, everything works fine until the next restart...

I tried to Import the certificate into different Folders of the Windows Certificate Store, i imported it for the current User or for Computer, I deleted it in all folders bevor the Reimport... but the Problem is always the same.

Any hints would be great!

Answer

pvenky picture pvenky · Jun 13, 2018

Here is a hint. Run signtool with the /debug option. When I manually run it from the command prompt, I get the same error (No certificates were found) if I am not running command prompt as administrator. With the /debug option, you'll see all the certificates it matches and how it filters down to select the certificate to sign. My certificate gets eliminated at the last step (Private Key filter). If this is the case with you, try running with elevated permissions and see if that works.

In my case, for some reason, the VSTS build agent Windows service which runs the builds was not running after the 1803 update and I had manually started up the agent. This is why I was getting that error. Once I realized the service was down and I started it up as a service, the error went away.