Clickonce Application failed to Publish
-
I've been maintaining a clickonce application for a few years now and Publishing without problems. I haven't needed to Publish for a little while, but yesterday when I had to do a release for testing, I received the following error: When attempting to Publish , the following error was received: Error 2 An error occurred while signing: Failed to sign bin\Debug\app.publish\\setup.exe. SignTool Error: ISignedCode::Sign returned error: 0x800B010A A certificate chain could not be built to a trusted root authority. SignTool Error: An error occurred while attempting to sign: bin\Debug\app.publish\\setup.exe A quick look at the certificate which had the following error The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered. After barking up the wrong tree, I finally came across this little gem of an article that discribes the issue and its fixes. http://blogs.technet.com/b/askds/archive/2012/08/14/rsa-key-blocking-is-here.aspx?wa=wsignin1.0[^]
Quote:
By default, makecert.exe creates certificates that chains up to the Root Agency root CA certificate located in the Intermediate Certification Authorities store. The Root Agency CA certificate has a public key of 512 bits, so once you deploy this update no certificate created with makecert.exe will be considered valid. You should now consider makecert.exe deprecated
I've implemented the a certificate following his instructions and can now Publish the app. Not bad, this is the first time a Windows Update has broken one of my applications.
-
I've been maintaining a clickonce application for a few years now and Publishing without problems. I haven't needed to Publish for a little while, but yesterday when I had to do a release for testing, I received the following error: When attempting to Publish , the following error was received: Error 2 An error occurred while signing: Failed to sign bin\Debug\app.publish\\setup.exe. SignTool Error: ISignedCode::Sign returned error: 0x800B010A A certificate chain could not be built to a trusted root authority. SignTool Error: An error occurred while attempting to sign: bin\Debug\app.publish\\setup.exe A quick look at the certificate which had the following error The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered. After barking up the wrong tree, I finally came across this little gem of an article that discribes the issue and its fixes. http://blogs.technet.com/b/askds/archive/2012/08/14/rsa-key-blocking-is-here.aspx?wa=wsignin1.0[^]
Quote:
By default, makecert.exe creates certificates that chains up to the Root Agency root CA certificate located in the Intermediate Certification Authorities store. The Root Agency CA certificate has a public key of 512 bits, so once you deploy this update no certificate created with makecert.exe will be considered valid. You should now consider makecert.exe deprecated
I've implemented the a certificate following his instructions and can now Publish the app. Not bad, this is the first time a Windows Update has broken one of my applications.
I too have just been stung by this. My ClickOnce app, which has worked fine for several years, can no longer be published. Thanks for that, Microsoft. I've read the instructions in the TechNet article you linked to, and I've created a .crt file using certreq, but what do I do with it now? The Signing tab in Visual Studio only lets me select .pfx files. It would be great if you could give more detail about the steps you went through to get your ClickOnce app into a publishable state again. If I get this working and re-sign my app with the new certificate created by certreq, will my users need to uninstall and reinstall, or will ClickOnce update them seamlessly to the new version?
-
I too have just been stung by this. My ClickOnce app, which has worked fine for several years, can no longer be published. Thanks for that, Microsoft. I've read the instructions in the TechNet article you linked to, and I've created a .crt file using certreq, but what do I do with it now? The Signing tab in Visual Studio only lets me select .pfx files. It would be great if you could give more detail about the steps you went through to get your ClickOnce app into a publishable state again. If I get this working and re-sign my app with the new certificate created by certreq, will my users need to uninstall and reinstall, or will ClickOnce update them seamlessly to the new version?
Once you have the .crt file, import it using Certificate Manager. I used mmc and added the Certificates Snap-in, then right-click on the Personal node and click Import. In Visual Studio, Go to Properties, select Signing and select the new Certificate from the Store. The new certificate was accepted and the Publish was successful after that. Once published, my users were upgraded the same as any normal deployment. There wasn't a need to uninstall first. As a side issue, some users now get another link to the application on the start menu after installing a new deployment, but I think this is unrelated to the above.