I need to EV code sign our assemblies and installers during a TeamCity build I've just set up. We use DigiCert with theior Safenet Authentication Client for signing our builds. TeamCity is currently failing during one of the before build tasks:
censoredSetupProject\censoredSetupProject.wixproj: Build default targets
[16:36:50][Exec] signtool sign /d "censored" /du http://www.censored.com /t http://timestamp.digicert.com /n "censored" "C:\TeamCity\buildAgent\work\649c4de914f93dcc\censored\bin\Release\x64\censored.exe"
[16:36:50][Exec] EXEC No certificates were found that met all the given criteria.
[16:36:50][Exec] C:\TeamCity\buildAgent\work\649c4de914f93dcc\censoredSetupProject\ManagerSetupProject.wixproj(101, 5): error MSB3073: The command "signtool sign /d "censored" /du http://www.censored.com /t http://timestamp.digicert.com /n "censored" "C:\TeamCity\buildAgent\work\649c4de914f93dcc\censored\bin\Release\x64\censored.exe"" exited with code 1.
[16:36:50][censoredSetupProject\censoredSetupProject.wixproj] Project censoredSetupProject\censoredSetupProject.wixproj failed.
On the command line this same command works, but I must enter in the password manually in the Safenet Authentication Client user interface that pops up.
I changed the Build Agent service to run as a User login account hoping that would force the popup to appear but this didn't work. I don't mind having the popup as long as I can get the build to pass and the code signed.
Is there any way to configure this to run without the Safenet Authentication Client popup or have this exec task show the GUI so I can enter a password and complete the build? Are there any other ways to EV code sign the build?