Open in app

Sign in

Write

Sign in

Sign the assembly with Visual Studio without going crazy

Stefano Zambonin
3 min readJul 21, 2019

--

Visual Studio 2019 Signing option

Every time I need to “Sign the assembly” with Visual Studio project I risk going crazy because of unexpected lot of errors that start happening.

Every time I think: “I absolutely need to write the process to use, at least to avoid this problem next time”; of course I always forget to do it…

But not this time!

So I thought of publishing a guide: at least I don’t run the risk of losing my notes.

pfx certificate can be of two types (KeySpec value):

  • KeySpec = 1 (AT_KEYEXCHANGE)
  • KeySpec = 2 (AT_SIGNATURE)

Using AT_KEYEXCHANGE type certificate it will be impossible to sign assemblies despite efforts to resolve errors reported by Visual Studio, so let’s follow these steps to produce a pfx certificate that works without any problem:

Step 1 . remove existing certificate

. Remove pfx registration using mmc: write “mmc.exe” from command prompt in elevated mode and press enter.
. Then add the needed Snap-in by clicking on File > Add/Remove Snap-in…
. Select “Certificates” from the “Available snap-ins:” list and click on “Add >” pushbutton.
. Look for not working certificate registration by using all available options: “My useraccount”, “Service account”, “Computer account” and delete it.

mmc Certificates snap-in selection

Step 2 . register certificate with AT_SIGNATURE type

Using elevated command prompt write the following line (change “mycompanysignincert.pfx” with the certificate real name) and press enter:

> certutil -importPFX -user mycompanysignincert.pfx AT_SIGNATURE

Step 3 . export pfx certificate to sign the assembly

Now let’s export .pfx certificate using mmc with the following restriction:
DO NOT CHECK “Include all certificates in the certification path if possible” during the process.

Right click on interested certificate > All Tasks… > export:

mmc certificate export

Export even the private key:

mmc certificate export . private key

Make sure that the item “include all certificates in the certification path if possible” is UNCHECKED:

mmc certificate export . uncheck “Include all certificates…”

Provide the export password:

mmc certificate export . apply password

Save the certificate in the project folder:

mmc certificate export . save certificate to project folder

Check that all options are correct:

mmc certificate export . final options

Click “Finish” to save the exported file:

mmc certificate export . final result

Step 4 . add certificate to Visual Studio Project

Add the certificate to the Visual Studio Signing option and build it; in the following picture a clickonce app is under development, so both ClickOnce manifests and assembly are signed:

Visual Studio ClickOnce application signing

Conclusion

In this post I illustrated how to modify pfx certificate by registering it as AT_SIGNATURE type, export the correct way and use it to sign Visual Studio assembly.

Visual Studio
Assembly
Certificate

--

--

Stefano Zambonin

Written by Stefano Zambonin

3 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams