Geeks With Blogs

News
View Szymon Kobalczyk's profile on LinkedIn

Szymon Kobalczyk's Blog A Developer's Notebook

Beta 1 allowed to sign your ClickOnce manifests simply by using a string name key file (.snk). Beta 2 no longer support this, and you are required to provide a publisher certificate. This was bit confusing for me because I had never before to deal with certificates and I had to ask Google for help.

I quickly came across the article “Configuring ClickOnce Trusted Publishers“ by Brian Noyes published last month on MSDN . It explains in detail how ClickOnce uses the certificates and what needs to be done to publish your certificates to user machines so they won't be prompted each time when applications requires elevated privileges. You will also learn how to create a test certificate for yourself using Visual Studio 2005.

The test certificate that VS creates works fine but it has a short validity period (several hours) so I don't think it could be deployed on production server. As I said, I don't know much about certificates, but I was curious how to make my own private certificate for my projects.

After bit more searching I found that Framework SDK contains tool for this, called MakeCert. Here is the command line to make a certificate similar to one created by VS:

makecert -r -pe -a sha1 -n "CN=yourcompany" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.3 -ss My

The -b and -e option specify the time period when certificate is valid. The -eku option specifies the certificate is intended for code signing. I've also added -a sha1 option to set the same algorithm that VS uses (but I don't think it matters).

It's important to use the -pe option which allows to export the private key from the certificate. To do this use CertMgr (another tool from Framework SDK). The new certificate will be installed in your personal store. Select it and click on the Export button. Click Next on the first page, and on the second select to export the private key. On the next one you can select some additional options; if not sure just leave on default. After that you will be asked to type password for the file; can be left blank. On the last one specify the file name and location. Finish the wizard and you should get a .pfx file that can be used in VS or imported on user machines.

To use this certificate to sign your project manifests open project properties (from Solution Explorer) and go to the Signing tab. You can either click “Select form Store...” button and select the certificate from your personal store or use the “Select form File...“ button if you exported the certificate to a file.

To learn how to publish the certificate to user machines read the Brian's article.

Now that I have my own certificate, my next goal is to automate the publishing so it can be run without using Visual Studio. The ultimate goal is to make it part of the install application (for the server part). Please let me know if you have any success with that.

Posted on Monday, May 30, 2005 10:50 PM Development | Back to top


Comments on this post: Creating Publisher Certificates For ClickOnce

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
Great article!
Left by Sander Oosterwijk on Jul 15, 2005 11:59 AM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
This is what I have been looking for for months. It's a wonder Microsoft can't come up with any tutorials so simple and straightforward...
Left by AustinW on Nov 21, 2005 10:18 PM

# Top X ways to learn about ClickOnce
Requesting Gravatar...
Sameer Bhangar the Test Lead on ClickOnce project recently internally sent out a list of the top ways...
Left by Saurabh Pant's Weblog on Nov 21, 2005 4:39 PM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
Outstanding! The combination of the two articles are exactly what I needed.
Left by Wonder Nuts on Apr 24, 2006 3:26 PM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
Thanks for the Info,

Once I created the key we just used AD and set up the Key to be pushed vie GPO.

I'm still interested figuring out a way to include it the install, will mess with that when I have more time.

Here's another way to create a cert if any one is interested.

http://msdn2.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx

Thanks
Joe
Left by Joe on Jul 07, 2006 5:49 PM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
I have figured out how to wrap clickonce via installshield for deployment to clients private networks. It takes some gymnastics do be done via MSBUILD and via installshield if anyone is interested in learning more I can help and consult.
Left by Jonathan McAllister on Apr 22, 2008 7:28 PM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
Guy/Girls,
I have an existing clickonce deployed apllication but have had to rebuild the build server. How to i continue deploying to the existing clickonce location using the new build machine?
Thanks in advance.

KP
Left by KP on Apr 22, 2009 12:38 PM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
msbuild projfile.csproj /t:publish should do the trick. You can also automate it in no time.
Left by yakir dorani on Aug 30, 2009 8:01 AM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
Thank you, this short and helpful...
Left by Dogu Tumerdem on Mar 31, 2010 1:46 AM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
Thanks man!!!! This will help a lot!!!
Left by Jaco Pretorius on Jul 19, 2010 5:35 AM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
Quick question. Where does the cert file get generated?
Left by Virgil on Nov 17, 2010 2:52 PM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
This post is really great! I have been searching for some information about the Publisher Certificates and accidentally I have noticed this headline. As I see, this site is full of more such great posts like this one so I will definitely bookmark it. Thanks a lot one more time.
Left by payday loans in georgia Atlanta on Nov 26, 2010 8:27 PM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
when i open youporn.com i dont see a movie and see a message " need a latest version of flash player
Left by mehmood on May 18, 2011 1:51 PM

# re: Creating Publisher Certificates For ClickOnce
Requesting Gravatar...
This was extremely useful. Thanks.
Left by Nick on Jul 14, 2011 10:34 AM

Your comment:
 (will show your gravatar)


Copyright © Szymon Kobalczyk | Powered by: GeeksWithBlogs.net | Join free