Sign the assembly with Visual Studio without going crazy
Every time I need to “Sign the assembly” with Visual Studio project I risk going crazy because of unexpected lot of errors that start happening.
Every time I think: “I absolutely need to write the process to use, at least to avoid this problem next time”; of course I always forget to do it…
But not this time!
So I thought of publishing a guide: at least I don’t run the risk of losing my notes.
pfx certificate can be of two types (KeySpec value):
- KeySpec = 1 (AT_KEYEXCHANGE)
- KeySpec = 2 (AT_SIGNATURE)
Using AT_KEYEXCHANGE type certificate it will be impossible to sign assemblies despite efforts to resolve errors reported by Visual Studio, so let’s follow these steps to produce a pfx certificate that works without any problem:
Step 1 . remove existing certificate
. Remove pfx registration using mmc: write “mmc.exe” from command prompt in elevated mode and press enter.
. Then add the needed Snap-in by clicking on File > Add/Remove Snap-in…
. Select “Certificates” from the “Available snap-ins:” list and click on “Add >” pushbutton.
. Look for not working certificate registration by using all available options: “My useraccount”, “Service account”, “Computer account” and delete it.
Step 2 . register certificate with AT_SIGNATURE type
Using elevated command prompt write the following line (change “mycompanysignincert.pfx” with the certificate real name) and press enter:
> certutil -importPFX -user mycompanysignincert.pfx AT_SIGNATURE
Step 3 . export pfx certificate to sign the assembly
Now let’s export .pfx certificate using mmc with the following restriction:
DO NOT CHECK “Include all certificates in the certification path if possible” during the process.
Right click on interested certificate > All Tasks… > export:
Export even the private key:
Make sure that the item “include all certificates in the certification path if possible” is UNCHECKED:
Provide the export password:
Save the certificate in the project folder:
Check that all options are correct:
Click “Finish” to save the exported file:
Step 4 . add certificate to Visual Studio Project
Add the certificate to the Visual Studio Signing option and build it; in the following picture a clickonce app is under development, so both ClickOnce manifests and assembly are signed:
Conclusion
In this post I illustrated how to modify pfx certificate by registering it as AT_SIGNATURE type, export the correct way and use it to sign Visual Studio assembly.