blueskybooking
asked on
Visual Studio 2008 ClickOnce Code Signing with Thawte Certificate
I'm trying to sign my application with a Thawte Code Signing Certificate.
1. I have purchased a Microsoft® Authenticode® (Multi-Purpose) Code Certificate from Thawte.
http://www.thawte.com/code-signing/index.html
2. I received the certificate and saved it as a .SPC file:
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
3. I ran pvk2pfx successfully using the .SPC and original .PVK file to create a .PFX file.
C:\>pvk2pfx -pvk "C:\mycert.pvk" -spc "C:\mycert.spc" -pfx "C:\mycert.pfx"
4. From Visual Studio, I selected Application > Signing > Select from File, which requires a .PFX file.
4a. I selected the .PFX file and entered the password.
4b. It returned, "The password is invalid."
I'm unclear if it was appropriate to save the original certificate from Thawte as a .SPC file. I tried entering an incorrect password when creating the .PFX and it failed so I assume it was done correctly.
I'm unable to find the Application > Signing > Select from Store, even though I was able to import it into Certificates - Current User > Personal > Certificates.
I'm not sure where it's going off the rails?
And if possible, I would also like to understand:
1. Do my customers need to re-install the application once I apply this new code signing certificate?
2. Do my customers need to re-install my application when the certificate is renewed next year?
3. Will my application run even if the code signing certificate expires?
Note: Thawte said there was a Microsoft issue and I would need to create a new request next time instead of a renew.
ASKER
Unfortunately there appear to be a few problems with code signing in ClickOnce, but the outlined problem does not appear to be the same as listed in this forum.
"Singing [sic] the add-in using the .pfx is okay."
I am stuck on this step.
ASKER
A follow-up to ClickOnce and Thawte certificates. There is a problem on the client computer in which the certificate chain (Thawte Intermediate CA) does not resolve properly in the dialog. My understanding is there are two resolutions:
1. Install the Thawte Intermediate Code Signing CA on the client computer.
2. Use a VeriSign code signing certificate which does not have the chaining issue.
The issue is not a problem if signing using SIGNTOOL.EXE.
The issue is apparently not resolved in .NET 4.0.
Reference:
http://social.msdn.microsoft.com/Forums/en-US/winformssetup/thread/c147cb18-bd99-44c0-bb2d-3efb2932b55d
http://social.msdn.microsoft.com/Forums/en-US/winformssetup/thread/13876bb8-7dbb-4df1-93f8-70ff467ffd4b
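
One way to check the .PFX and its certificate chain outside Visual Studio, as an added example that is not part of the original posts. It assumes PowerShell with the .NET Framework is available and uses the C:\mycert.pfx path from the question.

```powershell
# Added diagnostic example (not from the original posts).
# Assumption: the .PFX path from the question; change it to match your file.
param([string]$PfxPath = 'C:\mycert.pfx')

$x509 = 'System.Security.Cryptography.X509Certificates'
$password = Read-Host -AsSecureString 'PFX password'

try {
    # Fails here if the password is wrong or the file is not a valid PKCS#12 container.
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $PfxPath, $password
} catch {
    Write-Error "Could not open ${PfxPath}: $($_.Exception.Message)"
    return
}

"Subject     : $($cert.Subject)"
"Issuer      : $($cert.Issuer)"
"Valid       : $($cert.NotBefore) to $($cert.NotAfter)"
# Signing needs the private key; False means only the public certificate was packaged.
"Private key : $($cert.HasPrivateKey)"

# Build the chain against the local certificate stores, requiring the
# Code Signing enhanced key usage (OID 1.3.6.1.5.5.7.3.3).
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # skip CRL/OCSP lookups
$codeSigning = New-Object System.Security.Cryptography.Oid '1.3.6.1.5.5.7.3.3'
[void]$chain.ChainPolicy.ApplicationPolicy.Add($codeSigning)
$built = $chain.Build($cert)

"Chain valid : $built"
foreach ($element in $chain.ChainElements) {
    "  -> $($element.Certificate.Subject)"
}

# PartialChain means an issuer certificate (for example an intermediate CA)
# was not found; NotValidForUsage means the Code Signing usage is missing.
foreach ($status in $chain.ChainStatus) {
    "  status: $($status.Status) - $($status.StatusInformation.Trim())"
}
```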