Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using EV Certificate With ClickOnce

Tags:

certificate

visual-studio-2012

signtool

clickonce

symantec

My company purchased an EV Certificate from Symantec to use for a software product we produce. Specifically it is called: Symantec Class 3 Extended Validation Code Signing CA – G2.

To develop and build this product we use Visual Studio 2013, and we use ClickOnce as the publish and installer mechanism. The problem we are having is that ClickOnce is unable to apply the EV Certificate using it’s built-in signing mechansim. ClickOnce can see the Certificate just fine, and allows us to select it with the “Select from Store…” button. It shows all of the correct information in the Certificate window. But when we Publish the following error is encountered:

An error occurred while signing: Failed to sign bin\Release\app.publish\setup.exe. SignTool Error: An unexpected internal error has occurred.”

Note that we are able to use SignTool.exe to apply the EV Certificate from the command line, so the problem is not with that program.

Has anyone had experience with this combination of EV Certificate and ClickOnce? Is there a different EV Certificate that we should buy that works better with ClickOnce?

like image 399
Drew Stoddard Avatar asked Aug 21 '14 17:08

Drew Stoddard

2 Answers

I had the exact same problem a few days ago and the Digicert after-sales service has been able to to solve it. Try to check the value of this register key (in regedit):

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Cryptography/Providers/SafeNet Smart Card Key Storage Provider/Aliases

The value should be "eToken Base Cryptographic Provider" and not "eToken Base Cryctographic Provider" ('p' instead of 'c').

As said in the comments, you'll have to reboot after that change.

Hope it helps.

like image 88
Max Avatar answered Oct 21 '22 03:10

Max

Can't comment (not enough rep). Spent a LONG time getting to this page so I wanted to add the following info for anyone who comes here after.

The full error message (for the purpose of search engines finding this site) from signtool is:

SignTool Error: An unexpected internal error has occurred

Error: SignerSign() failed." (-1073741275/0xc0000225)

This only happens (for us) when signing sha256. sha1 worked fine.

@Max's answer (typo in the registry key is correct. This is a bug in the SafeNet Authentication Client version 8.2 installer. I changed the registry key, rebooted, and everything started working.

It has been fixed as of the 9.0 version (which is for Win8+).

like image 20
kinar Avatar answered Oct 21 '22 05:10

kinar
Sign in to Comment

Related questions

Is there a bug with extern template in Visual C++?
Can't add an existing folder to Visual Studio 2012. "Include in Project" menu option is missing
Create folders in wix
NOMINMAX with Visual Studio 2012 MFC project [duplicate]
Unable to debug msbuild
WIX Toolset How to Set a Property
Express for windows 8 vs Express for windows desktop
How to use PhoneGap with Visual Studio
Generate code for all exceptions thrown by a method
web.config xpath transform - find by parent element
.NET 4.5 Beta DbGeography NotImplementedException
Convert a String^ to wstring C++
vs2012 toolset compatibility
Cannot Find System.Web.Hosting in Visual Studio 2012
Uninstall web essentials
how to add devexpress to visual studio 2012
std::greater not defined in MSVC2012
how to hide all panels in windows form?
Is building for win32 the same as x86 in Visual Studio?
The file 'blahblah.aspx' has not been pre-compiled, and cannot be requested

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!