"oldbear" <oldb***@discussions.microsoft.com> wrote in message
news:714E63A0-6098-49D9-B50A-A01846763ED3@microsoft.com...
> Hi
>
> I take it you mean that you created a certificate file named name.cer? If
> this is the case, then this is not the certificate that you should place
> in
> the trusted root authority store.
>
> After creating the certificate, open it in explorer, and go to the last
> tab
> of the window. This will show the certification path, and at the top will
> be
> the CA (Called Root Agency).
>
> Double click on 'Root Agency', and this will bring up a dialog box for the
> CA certificate. Go to the second tab (details) and use the 'copy to file'
> option to create a certificate file.
>
> This will be the certificate file that you need to place in the trusted
> root
> certificate store for the name.cer certificate to be recognised.
>
> Apologies if I've misunderstood, but I hope this helps
>
> Chris Seary
>

> I am trying to deploy an application to our application server using
> Clickonce.  I was hoping not to have to install the application on
> every Citrix server that our users access, but utilize the Online Only
> function to actually run the application from the application server.
> I have created a signature using MAKECERT called name.cer and
> converted that to a name.spc. I then took the name.spc and added the
> certificate to the "trusted Root Certification Authorities" and the
> "Trusted Publishers" on one of my Citrix servers.  But whenever I try
> to execute the application I still get the dialog box about the
> application being an unknown publisher.  I am trying to eliminate this
> from the user.  Is there something else I can do to publish the
> application to a server and then execute it from there for any user
> that has access to the application directory?
>
> Thanks
>

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be631987a18c81a6da90e962a@news.microsoft.com...
> you also have to sign the manifest - you need a private key for that,
> usually packaged in a .pfx file.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> I am trying to deploy an application to our application server using
>> Clickonce.  I was hoping not to have to install the application on
>> every Citrix server that our users access, but utilize the Online Only
>> function to actually run the application from the application server.
>> I have created a signature using MAKECERT called name.cer and
>> converted that to a name.spc. I then took the name.spc and added the
>> certificate to the "trusted Root Certification Authorities" and the
>> "Trusted Publishers" on one of my Citrix servers.  But whenever I try
>> to execute the application I still get the dialog box about the
>> application being an unknown publisher.  I am trying to eliminate this
>> from the user.  Is there something else I can do to publish the
>> application to a server and then execute it from there for any user
>> that has access to the application directory?
>>
>> Thanks
>>
>
>

> After I created my certificate file, I used the signed certifacte I
> had installed in one of my stores as the signature certificate.
>
> "Dominick Baier [DevelopMentor]"
> <dbaier@pleasepleasenospamdevelop.com> wrote in message
> news:4580be631987a18c81a6da90e962a@news.microsoft.com...
>
>> you also have to sign the manifest - you need a private key for that,
>> usually packaged in a .pfx file.
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> I am trying to deploy an application to our application server using
>>> Clickonce.  I was hoping not to have to install the application on
>>> every Citrix server that our users access, but utilize the Online
>>> Only function to actually run the application from the application
>>> server. I have created a signature using MAKECERT called name.cer
>>> and converted that to a name.spc. I then took the name.spc and added
>>> the certificate to the "trusted Root Certification Authorities" and
>>> the "Trusted Publishers" on one of my Citrix servers.  But whenever
>>> I try to execute the application I still get the dialog box about
>>> the application being an unknown publisher.  I am trying to
>>> eliminate this from the user.  Is there something else I can do to
>>> publish the application to a server and then execute it from there
>>> for any user that has access to the application directory?
>>>
>>> Thanks
>>>

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be631987a78c81a74170e4a67@news.microsoft.com...
>> After I created my certificate file
>
>
> what kind of file was that?
>
>
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> After I created my certificate file, I used the signed certifacte I
>> had installed in one of my stores as the signature certificate.
>>
>> "Dominick Baier [DevelopMentor]"
>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>> news:4580be631987a18c81a6da90e962a@news.microsoft.com...
>>
>>> you also have to sign the manifest - you need a private key for that,
>>> usually packaged in a .pfx file.
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> I am trying to deploy an application to our application server using
>>>> Clickonce.  I was hoping not to have to install the application on
>>>> every Citrix server that our users access, but utilize the Online
>>>> Only function to actually run the application from the application
>>>> server. I have created a signature using MAKECERT called name.cer
>>>> and converted that to a name.spc. I then took the name.spc and added
>>>> the certificate to the "trusted Root Certification Authorities" and
>>>> the "Trusted Publishers" on one of my Citrix servers.  But whenever
>>>> I try to execute the application I still get the dialog box about
>>>> the application being an unknown publisher.  I am trying to
>>>> eliminate this from the user.  Is there something else I can do to
>>>> publish the application to a server and then execute it from there
>>>> for any user that has access to the application directory?
>>>>
>>>> Thanks
>>>>
>
>

> I'm sorry I wasn't clear.  I created my certificate file like so:
>
> makecert -r -pe -a sha1 -n "CN=CompanyTest" -b 01/01/2000 -e
> 01/01/2036 -eku 1.3.6.1.5.5.7.3.3 -ss Name Name.cer
>
> "Dominick Baier [DevelopMentor]"
> <dbaier@pleasepleasenospamdevelop.com> wrote in message
> news:4580be631987a78c81a74170e4a67@news.microsoft.com...
>
>>> After I created my certificate file
>>>
>> what kind of file was that?
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> After I created my certificate file, I used the signed certifacte I
>>> had installed in one of my stores as the signature certificate.
>>>
>>> "Dominick Baier [DevelopMentor]"
>>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>>> news:4580be631987a18c81a6da90e962a@news.microsoft.com...
>>>
>>>> you also have to sign the manifest - you need a private key for
>>>> that, usually packaged in a .pfx file.
>>>>
>>>> ---------------------------------------
>>>> Dominick Baier - DevelopMentor
>>>> http://www.leastprivilege.com
>>>>> I am trying to deploy an application to our application server
>>>>> using Clickonce.  I was hoping not to have to install the
>>>>> application on every Citrix server that our users access, but
>>>>> utilize the Online Only function to actually run the application
>>>>> from the application server. I have created a signature using
>>>>> MAKECERT called name.cer and converted that to a name.spc. I then
>>>>> took the name.spc and added the certificate to the "trusted Root
>>>>> Certification Authorities" and the "Trusted Publishers" on one of
>>>>> my Citrix servers.  But whenever I try to execute the application
>>>>> I still get the dialog box about the application being an unknown
>>>>> publisher.  I am trying to eliminate this from the user.  Is there
>>>>> something else I can do to publish the application to a server and
>>>>> then execute it from there for any user that has access to the
>>>>> application directory?
>>>>>
>>>>> Thanks
>>>>>

"James Pemberton" wrote:

> I'm sorry I wasn't clear.  I created my certificate file like so:
>
> makecert -r -pe -a sha1 -n "CN=CompanyTest" -b 01/01/2000 -e 01/01/2036 -eku
> 1.3.6.1.5.5.7.3.3 -ss Name Name.cer
>
> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
> wrote in message news:4580be631987a78c81a74170e4a67@news.microsoft.com...
> >> After I created my certificate file
> >
> >
> > what kind of file was that?
> >
> >
> >
> > ---------------------------------------
> > Dominick Baier - DevelopMentor
> > http://www.leastprivilege.com
> >
> >> After I created my certificate file, I used the signed certifacte I
> >> had installed in one of my stores as the signature certificate.
> >>
> >> "Dominick Baier [DevelopMentor]"
> >> <dbaier@pleasepleasenospamdevelop.com> wrote in message
> >> news:4580be631987a18c81a6da90e962a@news.microsoft.com...
> >>
> >>> you also have to sign the manifest - you need a private key for that,
> >>> usually packaged in a .pfx file.
> >>>
> >>> ---------------------------------------
> >>> Dominick Baier - DevelopMentor
> >>> http://www.leastprivilege.com
> >>>> I am trying to deploy an application to our application server using
> >>>> Clickonce.  I was hoping not to have to install the application on
> >>>> every Citrix server that our users access, but utilize the Online
> >>>> Only function to actually run the application from the application
> >>>> server. I have created a signature using MAKECERT called name.cer
> >>>> and converted that to a name.spc. I then took the name.spc and added
> >>>> the certificate to the "trusted Root Certification Authorities" and
> >>>> the "Trusted Publishers" on one of my Citrix servers.  But whenever
> >>>> I try to execute the application I still get the dialog box about
> >>>> the application being an unknown publisher.  I am trying to
> >>>> eliminate this from the user.  Is there something else I can do to
> >>>> publish the application to a server and then execute it from there
> >>>> for any user that has access to the application directory?
> >>>>
> >>>> Thanks
> >>>>
> >
> >
>
>
>

"James Pemberton" <james.pember***@devro-casings.com> wrote in message news:ef%23TBwETGHA.2276@tk2msftngp13.phx.gbl...
>I am trying to deploy an application to our application server using Clickonce.  I was hoping not to have to install
>the application on every Citrix server that our users access, but utilize the Online Only function to actually run the
>application from the application server.  I have created a signature using MAKECERT called name.cer and converted that
>to a name.spc. I then took the name.spc and added the certificate to the "trusted Root Certification Authorities" and
>the "Trusted Publishers" on one of my Citrix servers.  But whenever I try to execute the application I still get the
>dialog box about the application being an unknown publisher.  I am trying to eliminate this from the user.  Is there
>something else I can do to publish the application to a server and then execute it from there for any user that has
>access to the application directory?
>
> Thanks
>
>

> The clients will ALWAYS get that warning dialog if your test
> self-signed certificate is not installed to their trusted CA database.
> Regarding signing manifest and exe files for deployment, here is
> an example:
> http://www.jensign.com/primes
> where the 2nd example has both a signed msi and setup.exe.
> The certificate is a 2048 bit RSA cert, created by makecert like so:
>
> makecert -sk MyDevContainer  -ss MY -r -pe -e "03/31/2010" -len 2048
> -sky Signature  -n "CN=JavaScience Consulting,.. otherDN fields"
>
> where it is self-signed (-r) and exportable (-pe). The keycontainer is
> created
> automatically,  named MyDevContainer. The certificate is stored in the
> Current User
> MY certificate store and is automatically linked to the corresponding
> private RSA key.
> No need to deal with pvk or spc files.
> Since the cert is self-signed, the only way for .NET clients (if I had
> deployed a .NET app) to avoid that warning dialog is to (1) include
> that public cert into Trusted CA store and (2) configure local caspol
> to trust the signature based on publisher's public key.
>
> I then export this cert (includes protected private key) to a pfx
> file, put in a suitable location , and use in the PostBuildEvent
> script to sign the msi and exe in VS 2005.
>
> - Mitch Gallant
> MVP Security
> "James Pemberton" <james.pember***@devro-casings.com> wrote in message
> news:ef%23TBwETGHA.2276@tk2msftngp13.phx.gbl...
>
>> I am trying to deploy an application to our application server using
>> Clickonce.  I was hoping not to have to install the application on
>> every Citrix server that our users access, but utilize the Online
>> Only function to actually run the application from the application
>> server.  I have created a signature using MAKECERT called name.cer
>> and converted that to a name.spc. I then took the name.spc and added
>> the certificate to the "trusted Root Certification Authorities" and
>> the "Trusted Publishers" on one of my Citrix servers.  But whenever I
>> try to execute the application I still get the dialog box about the
>> application being an unknown publisher.  I am trying to eliminate
>> this from the user.  Is there something else I can do to publish the
>> application to a server and then execute it from there for any user
>> that has access to the application directory?
>>
>> Thanks
>>