Re: Online Only Digital Signature
- From: oldbear <oldbear@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 20 Mar 2006 12:21:31 -0800
Hi James
What's important is not whether the file contains the private key, but
whether the certificate in the cert store has a private key associated with
it. I create certs by placing them into stores, rather than into files:
makecert -n "CN=clickonceweb" -pe -sr localmachine -ss my
In the above, the certificate is placed into the local machine store, and
has a private key associated with it. You can always export the certificate
without the private key into a .cer file.
Can you open the cert store and view the certificate? On the first tab of the
dialog, if there is a key at the bottom of the dialog with the words 'You
have a private key that corresponds to this certificate' then you're OK as
regards having a private key. The signing page in Visual Studio points to the
certificate store, rather than to a certificate file (it points to the user
store), as you rightly said.
If the cert has a private key, then we've eliminated one source of error.
Hope this helps
Chris Seary
"James Pemberton" wrote:
I'm sorry I wasn't clear. I created my certificate file like so:
makecert -r -pe -a sha1 -n "CN=CompanyTest" -b 01/01/2000 -e 01/01/2036 -eku
1.3.6.1.5.5.7.3.3 -ss Name Name.cer
"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be631987a78c81a74170e4a67@xxxxxxxxxxxxxxxxxxxxx
After I created my certificate file
what kind of file was that?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
After I created my certificate file, I used the signed certificate I
had installed in one of my stores as the signature certificate.
"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be631987a18c81a6da90e962a@xxxxxxxxxxxxxxxxxxxxx
you also have to sign the manifest - you need a private key for that,
usually packaged in a .pfx file.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I am trying to deploy an application to our application server using
Clickonce. I was hoping not to have to install the application on
every Citrix server that our users access, but utilize the Online
Only function to actually run the application from the application
server. I have created a signature using MAKECERT called name.cer
and converted that to a name.spc. I then took the name.spc and added
the certificate to the "trusted Root Certification Authorities" and
the "Trusted Publishers" on one of my Citrix servers. But whenever
I try to execute the application I still get the dialog box about
the application being an unknown publisher. I am trying to
eliminate this from the user. Is there something else I can do to
publish the application to a server and then execute it from there
for any user that has access to the application directory?
Thanks
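
The check Chris Seary describes at the top of this message (does the certificate in the store have a private key associated with it?) can also be scripted. This is an added PowerShell example, not part of the original thread; the subject CN=clickonceweb and the EKU OID come from the makecert commands quoted above, and the helper name Test-StoreContains is hypothetical.

```powershell
# Added example: report, for each matching certificate in the personal stores,
# whether it has a private key, lists the code-signing EKU, and is also present
# in the Trusted Root and Trusted Publishers stores of this machine.
$subject        = 'CN=clickonceweb'     # subject from the makecert command in the thread
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # code-signing EKU from the quoted makecert command

function Test-StoreContains {           # hypothetical helper name
    param([string]$StorePath, [string]$Thumbprint)
    # True when a certificate with this thumbprint exists in the given store
    [bool](Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $Thumbprint })
}

$results = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -eq $subject } |
        ForEach-Object {
            $cert = $_
            # Collect the OIDs from the Enhanced Key Usage extension, if there is one
            $ekuExt = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $ekus = @()
            if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

            [pscustomobject]@{
                Store              = $store
                Thumbprint         = $cert.Thumbprint
                HasPrivateKey      = $cert.HasPrivateKey      # required to sign the manifest
                ListsCodeSigning   = $ekus -contains $codeSigningOid
                NotAfter           = $cert.NotAfter
                InTrustedRoot      = Test-StoreContains 'Cert:\LocalMachine\Root' $cert.Thumbprint
                InTrustedPublisher = Test-StoreContains 'Cert:\LocalMachine\TrustedPublisher' $cert.Thumbprint
            }
        }
}

if ($results) {
    $results | Format-List
} else {
    Write-Warning "No certificate with subject '$subject' found in the personal stores."
}
```

A row with HasPrivateKey set to False means only the public certificate (for example an imported .cer) is in that store, which is the situation the first reply in the thread asks to rule out.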