I would really like to avoid having to reinstall this app on 20 some
users on our local network because the Certificate expires after a
year. But as soon as I uncheck the "Sign the ClickOnce manifest" box it
checks itself after I rebuild the app and then the publish fails with
the error:
SignTool reported an error 'Failed to sign
bin\Debug\PHFx.publish\PHFx.publish\\setup.exe. SignTool Error:
ISignedCode::Sign returned error: 0x80880253
The signer's certificate is not valid for signing.
SignTool Error: An error occurred while attempting to sign:
bin\Debug\PHFx.publish\PHFx.publish\\setup.exe
It is a local network. I don't care about all of these signing tools I
just want an easy deployment.
Thanks,
Phil
Dominick Baier - 17 Oct 2006 19:03 GMT
Why do you have to re-sign after one year? What type of certificates are
you using? If you are using a VS generated one - this cannot be validated
anyway regardless of expiration (unknown publisher)
And no - you always have to sign the manifest.
---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com
> I would really like to avoid having to reinstall this app on 20 some
> users on our local network because the Certificate expires after a
[quoted text clipped - 16 lines]
> Thanks,
> Phi
Nicole Calinoiu - 19 Oct 2006 23:55 GMT
Have you considered applying a timestamp at signing time? (See the docs for
the "Timestamp server URL" textbox on the project properties "Signing" tab.)
Applying a timestamp will allow the signature to continue to be evaluated as
valid even after the signing certificate eventually expires.
>I would really like to avoid having to reinstall this app on 20 some
> users on our local network because the Certificate expires after a
[quoted text clipped - 16 lines]
> Thanks,
> Phil
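Added example, not part of the thread: a PowerShell check of whether the binaries in a publish folder carry a timestamp and when the signing certificate expires, which is the condition the reply above describes. The folder path, the warning window and the function name Get-SigningReport are assumptions for illustration; the script reads Authenticode signatures only (such as the setup.exe named in the error above) and does not read the ClickOnce manifests.

```powershell
# Added example: report timestamp and certificate expiry for signed binaries.
# $PublishDir and $WarnDays are assumed defaults; pass your own values.
param(
    [string]$PublishDir = '.\publish',
    [int]$WarnDays = 60
)

function Get-SigningReport {
    param([string]$Path, [int]$WarnDays)

    $now = Get-Date
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate
            $stamped = [bool]$sig.TimeStamperCertificate

            # Classify the file by what happens once the certificate expires.
            if (-not $cert) {
                $finding = 'unsigned'
            } elseif ($stamped) {
                $finding = 'timestamped'
            } elseif ($cert.NotAfter -lt $now) {
                $finding = 'no timestamp, certificate already expired'
            } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
                $finding = 'no timestamp, certificate expires soon'
            } else {
                $finding = 'no timestamp'
            }

            [pscustomobject]@{
                File        = $_.Name
                Status      = $sig.Status
                CertExpires = if ($cert) { $cert.NotAfter } else { $null }
                Timestamped = $stamped
                Finding     = $finding
            }
        }
}

Get-SigningReport -Path $PublishDir -WarnDays $WarnDays | Format-Table -AutoSize
```

With a Visual Studio generated test certificate the Status column will not read Valid, because the publisher is not trusted; the Timestamped and CertExpires columns are still meaningful.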
simeyLA@gmail.com - 11 Nov 2006 00:32 GMT
This is obviously a very undesirable and regrettable feature for
ClickOnce.
I've discovered a useful workaround. Just set your system clock back
while publishing the application. Then deploy it, and the client will
still be able to use it (even if their system clock is past the
expiration date). Remember to reset your system clock!
This is a quick and dirty fix for all of those people that right now
are discovering this limitation.
I haven't tried the timestamp thing yet, or even looked to see what it
is - this is just the workaround I discovered.
GiddyUpHorsey - 13 Dec 2006 05:28 GMT
Thanks for posting that workaround. It worked for me. It's a very
annoying defect in ClickOnce and the error message doesn't help much.
Dominick Baier - 13 Dec 2006 06:15 GMT
Cool. There is always a workaround for security - once you try it hard enough... (sarcasm)
-----
Dominick Baier (http://www.leastprivilege.com)
> Thanks for posting that workaround. It worked for me. It's a very
> annoying defect in ClickOnce and the error message doesn't help much.
Phillip - 20 Dec 2006 21:47 GMT
I recreated a key with an expiration date of 2036.