Create your own .pfx file for ClickOnce


When you use ClickOnce to deploy your application with Visual Studio, a .pfx file is automatically generated by default.


Reminder:
When you want to use Authenticode signing, you need:


· A public key (.cer file) which is given by a Certificate Authority (trusted third party)
· A private Key (.pvk file) that you generate and you keep confidential


A Personal Information Exchange (pfx file) contains a public key and a private key. You can use it to hash your files (binary, assembly …) and even signed your manifest file for ClickOnce.

If you want to create your own PFX file with your personal information, you have to complete these two steps:

Create your public & private Keys (You will be prompt to define the private key’s password):
makecert.exe -sv MyKey.pvk -n “CN=.NET Ready!!!” MyKey.cer

Create your PFX file from the public and private key
pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po toto

Now that you have your PFX file, you can sign your application with mage or mageUI:

With Mage:

Sign the application manifest
mage -sign MyApplication _1_0_0_0\ MyApplication.exe.manifest -CertFile Test.pfx -pwd “toto”
With :
MyApplication _1_0_0_0\ MyApplication.exe.manifest :application manifest
Test.pfx : pfx file (include the private and public keys)
toto= password

Update the deployment manifest with the application manifest
mage -update MyApplication.application –AppManifest MyApplication _1_0_0_0\ MyApplication.exe.manifest
With :
MyApplication.application : deploy manifest
MyApplication _1_0_0_0\ MyApplication.exe.manifest : application manifest

Sign the deployment manifest
mage -sign MyApplication.application -CertFile Test.pfx -pwd “toto”
With :
MyApplication.application : deploy manifest
Test.pfx : pfx file (include the private and public keys)
toto= password

With MageUI:


 


Or your can define your certificate to sign your ClickOnce manifest in Visual Studio (before deployment):


Now, your application will be deployed with your certificate 😉


Have Fun !!!

Comments (27)

  1. André says:

    This article really made my day :)

    Thanks!!

  2. Tod says:

    Merci bien Maxime, c’était parfait!

  3. Based on a recent inquiry, I have compiled the following, simple How-To on digitally signing Vista Sidebar

  4. Anant Tiwari says:

    Just Wow,

    Gr8 work

  5. Basil Behnan says:

    I want To change the formula from jpg to pfx

  6. Manoj says:

    How to increase the expire date of the pfx file

  7. Amrendra Kumar Mishra says:

    This is required for testing purpose.

    Required for development.

  8. BrownJ says:

    Thank you for this great article. It really helped me resolve my isssue… THanks.

  9. Andrew Shepherd says:

    I hope you haven’t gotten sick of people thanking you yet, but…

    THANK YOU! I spent the last few hours trying to understand the MSDN, and then I stumbled over this blog which answered everything. You’re awesome.

  10. Adrian says:

    I see that in your example, you set the X509name to "CN=.NET Ready!!!".  Ok, but what does it mean?  I’ve looked around and I get some vague answers like from Wikipidia:

    "Its subject contains many personal details, but the most important part is usually the common name (CN), as this is the part that must match the host being authenticated." (http://en.wikipedia.org/wiki/X.509)

    But how is it matched?

    Giving some other examples I’ve seen, it looks like that string can be anything anyway.  So why even bother?

  11. Adrian says:

    I see that in your example, you set the X509name to "CN=.NET Ready!!!".  Ok, but what does it mean?  I’ve looked around and I get some vague answers like from Wikipidia:

    "Its subject contains many personal details, but the most important part is usually the common name (CN), as this is the part that must match the host being authenticated." (http://en.wikipedia.org/wiki/X.509)

    But how is it matched?

    Giving some other examples I’ve seen, it looks like that string can be anything anyway.  So why even bother?

  12. Someone can send me the pvk2pfx.exe i’ve lost from my drive to dcolumbich@hotmail.com. Thank you.

  13. Bobko Alexander says:

    Someone can send me the pvk2pfx.exe to bobkoalexander@gmail.com. Thank you.

  14. Mitchan Adams says:

    All good, but now how can you keep you chaining intact. the p7b aka PCKS#7 file contains chaining information. The method of signing you just described doesnt accomidate chaining. Any ideas people?

  15. Remark : If you’re not using FinalBuilder but plain MSBuild, you can most likely benefit from the tutorial

  16. raju dasa says:

    nice post.

    what i have been searching for. Keep it up!

  17. Kashish Mehta says:

    I wonder why MSDN cannot be less confusing.

    Thanks.

  18. Leif says:

    Thank you for information that is simple and to the point. I like your example, not too much but it fully illustrates the process well!

    Thank you again!

  19. mrunal says:

    am from india……ur article is really helpful…….thanks for online chat help…..

  20. Ranjith says:

    You explained it in very simple and useful way

    Thanks very much. It helped me lot

  21. ssam says:

    i want a pfx file, how to create

  22. Vinay says:

    Can some one send me the pvk2pfx.exe to me. My email id is vinayarali@gmail.com

  23. Stephan says:

    Thank you so much! Finally someone who could explain how it works.

  24. Yu says:

    It's a really useful info.  Thanks.

  25. Ali says:

    How can get  max deploy .exe please provide me link

  26. naveen pandey(Haldwani) says:

    sir  plz  How can get  max deploy .exe please provide me link

  27. narsing rao says:

    how to get tha max deplo.exe provide me the link