Sunday, 12 December 2010

Temporary Clickonce Certificates expire after 1 year

Creating and deploying Microsoft Clickonce Applications is a very simple process. However, it’s worth knowing that under the hood quite a lot is taken care for you by the Clickonce deployment wizard.

Once of the most important things to take care of is the Signing certificate. When you first deploy you Clickonce application, the wizard will create a temporary certifacte for signing your application.

What you may not realise at this point is that this certificate will expire in 1 years time. This has the result of rendering your deployed application inert and unable to perform updates.

To find the date of expiry of the Project’s Certificate, open up your project properties, and select the “Signing” tab. From here you’ll see the Certificate’s Details, including it’s expiry date. Here you should also take note of the “Issued To” and "Issued By” fields, you will need them later!

Microsoft of course, expect people to go ahead and buy a certificate from a third party supplier such as Verisign, this usually costs just under £100 or so, and may not be reasonable for small scale deployment. It certainly wouldn’t be if you didn’t realise till some time after the client has settled their invoice!

Microsoft has realised that an expired certificate will cause problems for people, and as such have documented a few workarounds;

http://support.microsoft.com/kb/925521

The first option you have is to uninstall your application and reinstall on all your client computers. not so easy if they are a few hundred miles away.

The second option is to extend the the life of your existing certificate using some example code which Microsoft have kindly supplied.

However, this code is somewhat simplistic, mainly in it’s error checking, so kindly some nice folk over at may.be have created a new project solution and some updated code for us to make use of;

http://may.be/renewcert/

Depending on which version of Visual Studio and Dot Net Framework you use, it will most likely be necessary to download the provided Solution, convert it to your version of Visual Studio, and recompile the source.

Once you’ve done this, copy the compiled executable from the \Debug directory to the directory where your solution has created the temporary key file for you. Usually this file is <YourProjectName>_TemporaryKey.pfx, and usually resides in the same directory as your project files. (Where <YourProjectName> is obviously the name of your project!

With the RenewCert.exe file in your project directory, open up a command prompt and cd to your project directory.

Once there, execute the following command;

renewcert MyProject_TemporaryKey.pfx MyProject_FiveYearKey.pfx CN=”MYDOMAIN\MYUSERNAME”

Where you should replace MyProject with the name of your project, and replace “MYDOMAIN\MYUSERNAME” with the information shown in the “Issued By” information I asked you to remember above.

This will create you a nice new Certificate, with a five year expiry. You can then close your command prompt and return to Visual Studio.

From here, you can hit the “Select From File” button in the Signing tab, and load your new certificate. check your expiry date, and it will now have a good five years to run.

All done for the next few years….. Till next time!