How to publish a certificate from a pfx file

Note: My situation has slightly changed, so I removed all my previous edits and added a new paragraph. However the basic question listed below is still accurate.

I am trying to publish my ClickOnce VSTO application and have generated a certificate to sign the manifest. The problem is that on the target computer, of course the certificate is not accepted and my application cannot be installed.

In order to make installing possible I would like to install the certificate on the target machine as a trusted certificate. However, I cannot figure out how to proceed.

The only file Visual Studio generated for the certificate is a PFX file. This file includes the private key, and of course I don't want to publish that key. So I wonder how can I extract a public certificate from that PFX file?

Edit:

I'm now able to install the VSTO from and to everywhere (the installation site is part of the local intranet zone on all target machines).

Still on installing I get a warning that the publisher is not known, which to me actually means the certificate is not trusted, i.e. the original question remains: How to extract and then trust that certificate is done?

Is your application a VSTO application? AFAIK, VSTO does require a valid certificate, or that the cert be installed on the user's machine and has a trusted publisher. But non-VSTO ClickOnce does not, unless there's been something changed on the machine? It should give the security prompt, but hte user should be able to install the application anyway. Does yours not work this way?

The certificate created in Visual Studio is good for a year.

To get a trusted certificate, you can purchase one (I hear godaddy provides them for as little as $99). If you work in a corporate environment, the corporate IT guys can create a codesigning certificate the chains back to a trusted publisher.

For a PFX file, you can double-click on it to add it to the user's registry.

Yes, I do have a VSTO application. The certificate is already in my store (Visual Studio does that as soon as you use it for signing the Manifest), and yet the app isn't even installed on my own developer machine. I'm not even prompted to trust the certificate, it is simply rejected. I add some details to my question.

chiccodoro 2010-08-19 07:53:35

Done, I added the error message to my question. I tried and deleted the cert from the store, then double-clicked the PFX, but it didn't help. Concerning the company: We do have a company wide certification authority, but for the time being I'm not going to use it, I'll just manually add the certificate to the test environment. I need to understand how to do this anyway, so I'll manage to use the "official" cert correctly later on.

chiccodoro 2010-08-19 07:59:50

Hi Robin, as you can read in my latest edit, yes, now I get a security prompt and am able to install it anyway. But shouldn't I as a user be able to include the certificate in my trusted publishers? (BTW: +1)

chiccodoro 2010-08-19 10:20:53

ansaurus

tags:

views:

answers:

How to publish a certificate from a pfx file

related questions