Generate Certificate for ClickOnce


Author
Message
Philipp Guntermann
Philipp Guntermann
StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)
Group: Forum Members
Posts: 141, Visits: 263
Hi,

i am looking for a Tool to generate non-expireing certificates for clickonce deployment of our applications. All i found so far is some Microsoft command line tool, which explicitly states that the certificates it generates are only for "test" purposes.

Thanks.

Philipp Guntermann
Philipp Guntermann
StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)
Group: Forum Members
Posts: 141, Visits: 263
this is what i got from reading the msdn information on the subject:

1) I start the "Visual Studio 2008 Command Prompt" and first enter:

C:\Programme\Microsoft Visual Studio 9.0\VC#>makecert.exe -n "CN=ERV" -pe -r -ek
u 1.3.6.1.5.5.7.3.3 -e 01/01/2039 -sv ERV.pvk ERV.cer -a sha1

This will ask me for a password twice. I choose "mypassword" for both.

It will then say: "Succeded".

2) Next i'll enter:

C:\Programme\Microsoft Visual Studio 9.0\VC#>pvk2pfx.exe -pvk ERV.pvk -spc ERV.c
er -pfx ERV.pfx

This will ask me for the password again. i enter "mypassword" again.

It will then create a file called ERV.pfx

3) Within the Solution in Visual Studio i goto properties->signing-> and select "From File". I then choose the created "ERV.pfx" file.

It will ask me for the password. I enter "mypassword".

Not i get an Errormessage saying "The password is invalid" !!

I also tried the same procedure selected "No Password" at step 1 and then never entering a password. It will still ask for a password when selecting the file in VS and then say "The password is invalid".

^^


Trent Taylor
Trent Taylor
StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
Yeah, this can be a frustrating process.  It is never straight forward.  The ultimate goal is to get the certificate in a pfx format then you can use the code signing tool to sign any EXE or install.  This is the approach that we take.  Generally you are starting with a .SPC file that you received from the certificate company as well as the PVK.  To produce a PFX, you can use this pvkimprt tool:

pvkimprt.exe -PFX mycert.spc mykey.pvk

Attachments
pvkimprt.zip (221 views, 12.00 KB)
Philipp Guntermann
Philipp Guntermann
StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)
Group: Forum Members
Posts: 141, Visits: 263
you are starting with a .SPC file that you received from the certificate company as well as the PVK.

Hi Trend, thanks for the reply.

However, we dont have a spc from a certificate company. basicly i want to make my own certificate. i dont care about the warning message during install. but i want it to last very long, or better never expire during the applications lifetime.

Greg McGuffey
Greg McGuffey
Strategic Support Team Member (3.4K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
Philip,



What I did for ClickOnce is to just generate the certificate using Visual Studio, then I used the tool from this site to extend the time of the certificate:



http://www.may.be/renewcert/



I made it last like 10 years...probably by then we'll be using something else anyway. I did this about a year ago, so I don't remember exactly how it works, but I got it to work eventually. If you are already installing your app via ClickOnce in production, be sure to update the current certificate, or everybody has to uninstall/reinstall.



Good luck!



Greg
Philipp Guntermann
Philipp Guntermann
StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)
Group: Forum Members
Posts: 141, Visits: 263
Hi Greg,

thanks. i will try that tool tommorow.

Can u confirm that the "Untrusted Source" Message only appears on the first install, and not anymore on updates ? Because we plan to distribute the ClickOnce-Setup.exe file through novell NAP, so that a user clicks that and it will allways be up-to-date.

If it were showing the message for the updates aswell, instead we would need to distribute 2 shortcuts (one for update, and one for regular program use).

Greg McGuffey
Greg McGuffey
Strategic Support Team Member (3.4K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
Yes, you only see the untrusted message on first install. After that, when the user starts the app, a "launching application" dialog will appear that indicates that ClickOnce is verifying the app. The app will then either startup or if a new build is available and required, it will automatically start downloading, install itself and the app will start. I can't remember what happens with an optional upgrade...just don't do optional installations (maybe once in two years).
Philipp Guntermann
Philipp Guntermann
StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)StrataFrame User (231 reputation)
Group: Forum Members
Posts: 141, Visits: 263
Hi Greg,

i have now tried this at home. I installed VC++ Express and downloaded the Renewcert Project from the URL you linked. i then changed the code to add 50 years instead of 5 and compiled it.

It really works BigGrin Made a little test c# solution and it now has a certificate expiring on the 13.01.2059 BigGrin

Many thanks for that information !!

Greg McGuffey
Greg McGuffey
Strategic Support Team Member (3.4K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
Cool! This is a must have when using ClickOnce. Your smart to figure this out early instead of suddenly getting a ton of support calls because the app won't install anymore! Pinch
Ivan George Borges
Ivan George Borges
Strategic Support Team Member (3.5K reputation)Strategic Support Team Member (3.5K reputation)Strategic Support Team Member (3.5K reputation)Strategic Support Team Member (3.5K reputation)Strategic Support Team Member (3.5K reputation)Strategic Support Team Member (3.5K reputation)Strategic Support Team Member (3.5K reputation)Strategic Support Team Member (3.5K reputation)Strategic Support Team Member (3.5K reputation)
Group: StrataFrame MVPs
Posts: 1.9K, Visits: 21K
[quote]... and it now has a certificate expiring on the 13.01.2059 BigGrin

Have you started worrying about what you are going to do after that? Hehe

GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Similar Topics

Reading This Topic

Login

Explore
Messages
Mentions
Search