.net – ClickOnce signer’s certificate not valid for signing when using makecert/pvk2pfx


All of a sudden my unexpired certificate created using makecert/pvk2pfx is throwing an error when attempting to publish a ClickOnce application. This worked fine just last week…

Error Message:

Error 2 An error occurred while signing: Failed to sign
bin\Debug\app.publish\setup.exe. SignTool Error: The signer's
certificate is not valid for signing. SignTool Error: An error
occurred while attempting to sign: bin\Debug\app.publish\setup.exe

When I use the "Create Test Certificate" option in the Signing tab that certificate works fine and the application is published successfully.

When manually creating my certificate with makecert/pvk2pfx I'm following the MSDN instructions.

When I delete my old manually created certificate, create a new one using makecert/pvk2pfx and try to use that one I get the same error.

The application is a WPF application targeting .NET 4, and this is all in Visual Studio 2010…

Any ideas?

Best Answer

It worked for me after I specified the certificate length greater than 1024:

makecert -sv MyApp.pvk -n "CN=MyCompany" -len 2048 MyApp.cer -r
pvk2pfx -pvk MyApp.pvk -spc MyApp.cer -pfx MyApp.pfx -po MyPassword

Microsoft released an update that affects all certificates having an RSA key less than 1024 bits long.

Microsoft Security Advisory: Update for minimum certificate key length
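To check a certificate's RSA key length before handing it to SignTool, a PowerShell function like the following can help. It is an added example, not part of the original answer or Microsoft's tooling. The function name `Test-SigningCertKeyLength`, the 1024-bit default floor (taken from the advisory as described above) and the two in-memory sample certificates are assumptions for illustration; it assumes .NET Framework 4.7.2+ or PowerShell 7.

```powershell
# Added example: report the RSA public-key length of each certificate and
# whether it meets a minimum. Name and default threshold are assumptions.
function Test-SigningCertKeyLength {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$MinimumBits = 1024
    )
    process {
        # Returns $null when the certificate does not carry an RSA key.
        $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
        $bits = if ($rsa) { $rsa.KeySize } else { $null }
        [pscustomobject]@{
            Subject      = $Certificate.Subject
            Thumbprint   = $Certificate.Thumbprint
            NotAfter     = $Certificate.NotAfter
            RsaKeyBits   = $bits
            MeetsMinimum = if ($null -eq $bits) { $null } else { $bits -ge $MinimumBits }
        }
    }
}

# Constructed sample input: two throwaway self-signed certificates that exist
# only in memory (nothing is written to a certificate store or to disk).
$samples = foreach ($len in 512, 2048) {
    $key = [System.Security.Cryptography.RSA]::Create($len)
    $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
        "CN=Constructed-$len", $key,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
}
$samples | Test-SigningCertKeyLength | Format-Table Subject, RsaKeyBits, MeetsMinimum

# The same check against the file produced by the makecert command above,
# or against every certificate in the current user's personal store:
#   [System.Security.Cryptography.X509Certificates.X509Certificate2]::new('MyApp.cer') |
#       Test-SigningCertKeyLength
#   Get-ChildItem Cert:\CurrentUser\My | Test-SigningCertKeyLength
```

Pass `-MinimumBits 2048` to hold certificates to the key length used in the answer's `makecert` command instead of the default floor.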
