|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
How to deploy a VS2005 VB app without signing the clickonce manifest and assyusers on our local network because the Certificate expires after a year. But as soon as I uncheck the "Sign the ClickOnce manfiest box" it checks itself after I rebuild the app and then the publish fails with the error: SignTool reported an error 'Failed to sign bin\Debug\PHFx.publish\PHFx.publish\\setup.exe. SignTool Error: ISignedCode::Sign returned error: 0x80880253 The signer's certificate is not valid for signing. SignTool Error: An error occurred while attempting to sign: bin\Debug\PHFx.publish\PHFx.publish\\setup.exe It is a local network. I don't care about all of these signing tools I just want an easy deployment. Thanks, Phil Why do you have to resign after one year ? what type of certificates are
you using? If you are using a VS generated one - this cannot be validated anyway regardless of expiration (unknown publisher) And no - you always have to sign the manifest. --- Dominick Baier, DevelopMentor http://www.leastprivilege.com Show quoteHide quote > I would really like to avoid having to reinstall this app on 20 some > users on our local network because the Certificate expires after a > year. But as soon as I uncheck the "Sign the ClickOnce manfiest box" > it checks itself after I rebuild the app and then the publish fails > with the error: > > SignTool reported an error 'Failed to sign > bin\Debug\PHFx.publish\PHFx.publish\\setup.exe. SignTool Error: > ISignedCode::Sign returned error: 0x80880253 > > The signer's certificate is not valid for signing. > > SignTool Error: An error occurred while attempting to sign: > bin\Debug\PHFx.publish\PHFx.publish\\setup.exe > > It is a local network. I don't care about all of these signing tools I > just want an easy deployment. > > Thanks, > Phil Have you considered applying a timestamp at signing time? (See the docs for
the "Timestamp server URL" textbox on the project properties "Signing" tab.) Applying a timestamp will allow the signature to continue to be evaluated as valid even after the signing certificate eventually expires. Show quoteHide quote "Phillip" <paputzb***@insightbb.com> wrote in message news:1161107069.406194.217030@m73g2000cwd.googlegroups.com... >I would really like to avoid having to reinstall this app on 20 some > users on our local network because the Certificate expires after a > year. But as soon as I uncheck the "Sign the ClickOnce manfiest box" it > checks itself after I rebuild the app and then the publish fails with > the error: > > SignTool reported an error 'Failed to sign > bin\Debug\PHFx.publish\PHFx.publish\\setup.exe. SignTool Error: > ISignedCode::Sign returned error: 0x80880253 > > The signer's certificate is not valid for signing. > > SignTool Error: An error occurred while attempting to sign: > bin\Debug\PHFx.publish\PHFx.publish\\setup.exe > > It is a local network. I don't care about all of these signing tools I > just want an easy deployment. > > Thanks, > Phil > This is obviously a very undesirable and regrettable feature for
ClickOnce. I've discovered a useful workaround. Just set your system clock back while publishing the application. Then deploy it, and the client will still be able to use it (even if their system clock is past the expirationd date). Remember to reset your system clock ! This is a quick and dirty fix for all of those people that right now are discovering this limitation. I havent tried the timestamp thing yet, or even looked to see what it is - this is just the workaround I discovered. Thanks for posting that workaround. It worked for me. It's a very
annoying defect in ClickOnce and the error message doesn't help much. cool. there is always a workaround for security - once you try it hard enough....(sarcasm)
----- Dominick Baier (http://www.leastprivilege.com) Show quoteHide quote > Thanks for posting that workaround. It worked for me. It's a very > annoying defect in ClickOnce and the error message doesn't help much. > 
Other interesting topics
Creating MSI for installing .NET security policies
ActiveDirectory group membership in offline profile Help me to understand Code Access Security. I don't get it. Effective FileSystemRights for a WindowsIdentity??? The remote server returned an error: (403) Forbidden in webrequest Which encryption type ???? Seeking Advice on RSA Why am I not trusted? IL code fails with VerificationException Weird behaviour of the PrincipalPermission attribute |
|||||||||||||||||||||||
