Visual Studio 2008 ClickOnce Code Signing with Thawte Certificate

I'm trying to sign my application with a Thawte Code Signing Certificate.

1. I have purchased a Microsoft® Authenticode® (Multi-Purpose) Code Certificate from Thawte.

2. I received the certificate and save it as a .SPC file:


3. I ran pvk2pfx successfully using the .SPC and original .PVK file to create a .PFX file.

  C:\>pvk2pfx -pvk "C:\mycert.pvk" -spc "C:\mycert.spc" -pfx "C:\mycert.pfx"

4. From Visual Studio, I selected Application > Signing > Select from File, which requires a .PFX file.
4a. I select the .PFX file and enter the password.
4b. It returned, "The password is invalid."

I'm unclear if it was appropriate to save the original certificate from Thawte as a .SPC file.  I tried entering an incorrect password when creating the .PFX and it failed so I assume it was done correctly.

I'm unable to find the Application > Signing > Select from Store, even though I was able to import it into Certificates - Current User > Personal > Certificates.

I'm not sure where it's going off the rails?

And if possible, I would also like to understand:

1. Do my customers need to re-install the application once I apply this new code signing certificate?
2. Do my customers need to re-install my application when the certificate is renewed next year?
3. Will my application run even if the code signing certificate expires?

Note: Thawte said there was a Microsoft issue and I would need to create a new request next time instead of a renew.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

OfficedoxsAuthor Commented:
Unfortunately there appears to be a few problems with code signing in ClickOnce, but the outlined problem does not appear to be the same as listed in this forum.

"Singing [sic] the add-in using the .pfx is okay."

I am stuck on this step.
OfficedoxsAuthor Commented:
There is an apparent issue with Microsoft's pvk2pfx tool which caused the problem.  I'm not sure if it's specific to Thawte code signing certificates or others.

After a technical support session with Thawte I was able to run another Microsoft application, pvkimprt, with success.

I imported the certificate into the Certificates - Current User > Personal > Certificates store.

I was then able to select the certificate successfully from Visual Studio > My Application > Signing > Select from Store.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
OfficedoxsAuthor Commented:
A follow-up to ClickOnce and Thawte certificates.  There is a problem on the client computer in which the certificate chain (Thawte Intermediate CA) does not resolve properly in the dialog. My understanding is there are two resolutions:

1. Install the Thawte Intermediate Code Signing CA on the client computer.

2. Use a VeriSign code signing certificate which does not have the chaining issue.

The issue is not a problem if signing using SIGNTOOL.EXE.

The issue is apparently not resolves in .NET 4.0.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.