Visual Studio 2008 ClickOnce Code Signing with Thawte Certificate

I'm trying to sign my application with a Thawte Code Signing Certificate.

1. I have purchased a Microsoft® Authenticode® (Multi-Purpose) Code Certificate from Thawte.

2. I received the certificate and save it as a .SPC file:


3. I ran pvk2pfx successfully using the .SPC and original .PVK file to create a .PFX file.

  C:\>pvk2pfx -pvk "C:\mycert.pvk" -spc "C:\mycert.spc" -pfx "C:\mycert.pfx"

4. From Visual Studio, I selected Application > Signing > Select from File, which requires a .PFX file.
4a. I select the .PFX file and enter the password.
4b. It returned, "The password is invalid."

I'm unclear if it was appropriate to save the original certificate from Thawte as a .SPC file.  I tried entering an incorrect password when creating the .PFX and it failed so I assume it was done correctly.

I'm unable to find the Application > Signing > Select from Store, even though I was able to import it into Certificates - Current User > Personal > Certificates.

I'm not sure where it's going off the rails?

And if possible, I would also like to understand:

1. Do my customers need to re-install the application once I apply this new code signing certificate?
2. Do my customers need to re-install my application when the certificate is renewed next year?
3. Will my application run even if the code signing certificate expires?

Note: Thawte said there was a Microsoft issue and I would need to create a new request next time instead of a renew.
Who is Participating?
OfficedoxsConnect With a Mentor Author Commented:
There is an apparent issue with Microsoft's pvk2pfx tool which caused the problem.  I'm not sure if it's specific to Thawte code signing certificates or others.

After a technical support session with Thawte I was able to run another Microsoft application, pvkimprt, with success.

I imported the certificate into the Certificates - Current User > Personal > Certificates store.

I was then able to select the certificate successfully from Visual Studio > My Application > Signing > Select from Store.
OfficedoxsAuthor Commented:
Unfortunately there appears to be a few problems with code signing in ClickOnce, but the outlined problem does not appear to be the same as listed in this forum.

"Singing [sic] the add-in using the .pfx is okay."

I am stuck on this step.
OfficedoxsAuthor Commented:
A follow-up to ClickOnce and Thawte certificates.  There is a problem on the client computer in which the certificate chain (Thawte Intermediate CA) does not resolve properly in the dialog. My understanding is there are two resolutions:

1. Install the Thawte Intermediate Code Signing CA on the client computer.

2. Use a VeriSign code signing certificate which does not have the chaining issue.

The issue is not a problem if signing using SIGNTOOL.EXE.

The issue is apparently not resolves in .NET 4.0.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.