All of a sudden my unexpired certificate created using makecert/pvk2pfx is throwing an error when attempting to publish a ClickOnce application. This worked
I had a Visual Studio 2013 project that I could sign with a (Visual Studio-generated) pfx file, but that same certificate would not work using the SignTool, no matter what I did.
I then started making new certs using MakeCert and Pvk2Pfx, and that didn't work either. I tried changing the encryption from SHA1 to SHA512, changing the key length from 256 to 2048 (as suggested elsewhere), changing the version of SignTool, etc, etc.
I must have checked 1,000 different links containing "The Signer's Certificate Is Not Valid For Signing".
I'm summarizing the main things that will most likely fix the problem. This is all based on generating a new pfx file; the Visual Studio-generated one won't be usable.
.cer and .pvk files using MakeCert with the -len switch set to at least 1024 - or, better for future-proofing, 2048 - and the all-important -r switch which self-signs the certificate. I explicitly added an end date (using -e 12/31/2039) and SHA256 encryption algorithm (-a SHA256). I suggest adding a password.
.pfx file from the .cer and .pvk files using Pvk2Pfx with the standard/default switches.
-p {YourPassword} matching the MakeCert-provided password.
After using the -r switch (create a self-signed certificate) with Makecert, the pfx certificate generated with pvk2pfx now works for ClickOnce publishing... I am not sure exactly what happened here since the old key that was not "self signed" worked fine for a long time...
Exact commands I used to create the working pfx certificate...
makecert -sv MyApp.pvk -n "CN=MyCompany" MyApp.cer -r
pvk2pfx -pvk MyApp.pvk -spc MyApp.cer -pfx MyApp.pfx
It worked for me after I specified the certificate length greater than 1024:
makecert -sv MyApp.pvk -n "CN=MyCompany" -len 2048 MyApp.cer -r
pvk2pfx -pvk MyApp.pvk -spc MyApp.cer -pfx MyApp.pfx -po MyPassword
Microsoft released an update that affects all certificates having an RSA key less than 1024 bits long.
Microsoft Security Advisory: Update for minimum certificate key length
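A way to check a generated PFX against the key-length floor mentioned above before signing with it. This is an added example, not code from any of the posts; the function name Test-SigningPfx is made up here, and MyApp.pfx is the file name from the commands above.

```powershell
# Added example (not from the posts above): inspect a PFX before signing with it.
# Test-SigningPfx is a name made up for this sketch; MyApp.pfx matches the commands above.
function Test-SigningPfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [securestring] $Password,          # omit if the PFX has no password
        [int] $MinRsaBits = 1024           # floor from the advisory; 2048 is the safer target
    )
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = if ($Password) { $x509::new($full, $Password) } else { $x509::new($full) }

    # GetRSAPublicKey returns $null for non-RSA keys (for example ECDSA).
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $bits = if ($rsa) { $rsa.KeySize } else { $null }
    $now  = Get-Date

    # Collect every reason the certificate would be a poor signing candidate.
    $problems = @()
    if (-not $cert.HasPrivateKey) { $problems += 'PFX holds no private key' }
    if ($rsa -and $bits -lt $MinRsaBits) { $problems += "RSA key is $bits bits, below $MinRsaBits" }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside validity period' }

    [pscustomobject]@{
        Subject            = $cert.Subject
        SelfSigned         = ($cert.Subject -eq $cert.Issuer)   # subject equals issuer
        RsaKeyBits         = $bits
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
        NotAfter           = $cert.NotAfter
        HasPrivateKey      = $cert.HasPrivateKey
        Problems           = $problems
    }
}

# Usage: prompts for the password given to pvk2pfx with -po.
# Test-SigningPfx -Path .\MyApp.pfx -Password (Read-Host 'PFX password' -AsSecureString)
```

An empty Problems list means the key length, private key and validity dates pass these checks; it does not test trust in the certificate chain.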