
.net ready !!!

        Maxime Lamure
          MCS France
Create your own .pfx file for ClickOnce

When you use ClickOnce to deploy your application with Visual Studio, a .pfx file is automatically generated by default.

Reminder:
When you want to use Authenticode signing, you need:

· A public key (.cer file), which is issued by a Certificate Authority (a trusted third party)
· A private key (.pvk file) that you generate and keep confidential

A Personal Information Exchange file (.pfx) contains a public key and a private key. You can use it to hash your files (binary, assembly …) and even sign your manifest file for ClickOnce.

If you want to create your own PFX file with your personal information, you have to complete these two steps:

Create your public and private keys (you will be prompted to define the private key's password):
makecert.exe -sv MyKey.pvk -n "CN=.NET Ready!!!" MyKey.cer

Create your PFX file from the public and private keys:
pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po toto

Now that you have your PFX file, you can sign your application with mage or mageUI:

With Mage:

Sign the application manifest
mage -sign MyApplication_1_0_0_0\MyApplication.exe.manifest -CertFile Test.pfx -pwd "toto"
With:
MyApplication_1_0_0_0\MyApplication.exe.manifest: application manifest
Test.pfx: pfx file (includes the private and public keys)
toto: password

Update the deployment manifest with the application manifest
mage -update MyApplication.application -AppManifest MyApplication_1_0_0_0\MyApplication.exe.manifest
With:
MyApplication.application: deployment manifest
MyApplication_1_0_0_0\MyApplication.exe.manifest: application manifest

Sign the deployment manifest
mage -sign MyApplication.application -CertFile Test.pfx -pwd "toto"
With:
MyApplication.application: deployment manifest
Test.pfx: pfx file (includes the private and public keys)
toto: password

With MageUI:

 

Or you can define the certificate used to sign your ClickOnce manifest in Visual Studio (before deployment):

Now, your application will be deployed with your certificate ;-)
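
A check worth running on the PFX before passing it to mage, as an added example that is not part of the original post: it loads the file and reports the subject, issuer, expiry, whether the private key is present, and whether the issuer chains to a root trusted on this machine. The function name Test-SigningPfx, the MyPFX.pfx path and the 30-day warning threshold are assumptions.

```powershell
# Added example, not from the original post: inspect a PFX before signing with it.
# Assumed names: Test-SigningPfx, .\MyPFX.pfx (output of the pvk2pfx step), 30-day threshold.
function Test-SigningPfx {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [securestring]$Password,
        [int]$WarnDays = 30
    )
    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password)
    try {
        # Enhanced Key Usage: no extension at all means the certificate is not purpose-restricted.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $usage = if (-not $eku) { 'unrestricted' }
                 elseif ($oids -contains '1.3.6.1.5.5.7.3.3') { 'codeSigning' }
                 else { 'no codeSigning usage' }

        # Build the chain against the local stores; revocation is skipped so this runs offline.
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)

        [pscustomobject]@{
            Subject       = $cert.Subject          # the -n value given to makecert
            Issuer        = $cert.Issuer
            HasPrivateKey = $cert.HasPrivateKey
            NotAfter      = $cert.NotAfter
            ExpiresSoon   = $cert.NotAfter -lt (Get-Date).AddDays($WarnDays)
            KeyUsage      = $usage
            ChainTrusted  = $trusted
            ChainStatus   = ($chain.ChainStatus.Status -join ', ')
        }
    } finally {
        $cert.Reset()   # release the key material held by the object
    }
}

# Prompt for the password instead of typing it on the command line.
$pw = Read-Host -Prompt 'PFX password' -AsSecureString
$r  = Test-SigningPfx -Path '.\MyPFX.pfx' -Password $pw
$r | Format-List
if (-not $r.HasPrivateKey) { throw 'PFX has no private key; it cannot be used to sign.' }
if ($r.ExpiresSoon)        { Write-Warning "Certificate expires on $($r.NotAfter)." }
if (-not $r.ChainTrusted)  { Write-Warning "Issuer '$($r.Issuer)' is not trusted here: $($r.ChainStatus)" }
```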

Have Fun !!!

Posted: Wednesday, January 24, 2007 10:41 PM by Maxime LAMURE

Comments

André said:

This article really made my day :)

Thanks!!

# April 2, 2007 10:52 AM

Tod said:

Thank you very much Maxime, that was perfect!

# June 4, 2007 4:04 PM

Swiss DPE Team Blog said:

Based on a recent inquiry, I have compiled the following, simple How-To on digitally signing Vista Sidebar

# September 24, 2007 7:24 AM

Anant Tiwari said:

Just Wow,

Gr8 work

# October 17, 2007 8:08 AM

Basil Behnan said:

I want To change the formula from jpg to pfx

# January 24, 2008 9:25 AM

Manoj said:

How to increase the expire date of the pfx file

# May 23, 2008 1:33 AM

Amrendra Kumar Mishra said:

This is required for testing purpose.

Required for development.

# June 2, 2008 7:27 AM

BrownJ said:

Thank you for this great article. It really helped me resolve my issue... Thanks.

# June 6, 2008 3:46 PM

Andrew Shepherd said:

I hope you haven't gotten sick of people thanking you yet, but...

THANK YOU! I spent the last few hours trying to understand the MSDN, and then I stumbled over this blog which answered everything. You're awesome.

# July 9, 2008 3:04 AM

Adrian said:

I see that in your example, you set the X509name to "CN=.NET Ready!!!".  Ok, but what does it mean?  I've looked around and I get some vague answers like from Wikipedia:

"Its subject contains many personal details, but the most important part is usually the common name (CN), as this is the part that must match the host being authenticated." (http://en.wikipedia.org/wiki/X.509)

But how is it matched?

Giving some other examples I've seen, it looks like that string can be anything anyway.  So why even bother?

# August 22, 2008 10:42 AM

Dario Columbich said:

Someone can send me the pvk2pfx.exe I've lost from my drive to dcolumbich@hotmail.com. Thank you.

# August 28, 2008 12:23 AM

Bobko Alexander said:

Someone can send me the pvk2pfx.exe to bobkoalexander@gmail.com. Thank you.

# November 10, 2008 10:21 AM

Mitchan Adams said:

All good, but now how can you keep your chaining intact? The p7b, aka PKCS#7, file contains chaining information. The method of signing you just described doesn't accommodate chaining. Any ideas, people?

# November 12, 2008 11:27 AM

Dennis van der Stelt said:

Remark : If you’re not using FinalBuilder but plain MSBuild, you can most likely benefit from the tutorial

# November 26, 2008 5:13 PM

raju dasa said:

nice post.

what i have been searching for. Keep it up!

# December 30, 2008 2:30 AM

Kashish Mehta said:

I wonder why MSDN cannot be less confusing.

Thanks.

# January 2, 2009 12:04 AM

Leif said:

Thank you for information that is simple and to the point. I like your example, not too much but it fully illustrates the process well!

Thank you again!

# May 4, 2009 2:25 PM

mrunal said:

am from india......ur article is really helpful.......thanks for online chat help.....

# July 23, 2009 6:28 AM