Code signing certificate installed but build agent cannot use it

MSP Toolkit
Minimal guidance for messy support realities.
Submitted by Anonymous (not verified) on

Scenario

The certificate is present on the server, but automated builds fail when attempting to sign executables or scripts.

Recommended Resolution Path

  1. Confirm the build agent account has access to the private key.
  2. Check whether the certificate lives in the correct store and includes the needed EKU.
  3. Test signing interactively under the same service account context where possible.
  4. Document key access requirements so signing survives future agent rebuilds.

Technician Notes

Document what changed, what confirmed the fix, and whether the issue points to a broader standards gap worth addressing for the client.

Subjects
Security & Continuity
Certificates