Requirements: Recently i got a requirement to publish code outside of our company as installation. We don’t want our users to see untrusted publisher error while using aour application.
Certificate from Comodo: You need to follow these steps to get (*.pfx) to sign the assemblies.
- Use only Internet explorer or Firefox . Chrome is not currently supported by Comodo.
- Create account and request for code signing certificate.
- After successful submission, you will receive email from comodo within 2 business days.
- Remeber, you need to use same system and same browser to install the certificate sent by Comodo.
- Once you install certifcate, you can export the certifcate as (*.pfx) file and sent the same to development team. Please secure this file with strong password.
As a developer: Follow these steps to sign the assemblies
- If you are getting error “Cannot find the certificate and private key for decryption.”. please follow steps to install your certificate. Follow Steps
- If you get error while signing “Cannot import the following key file: companyname.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_xxxxxxx”. now you can install key value pair to container by using below command.
"C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\sn.exe" i codesign.pfx VS_KEY_5FC66E4E834CAD9C
- In Visual Studio project properties, you can choose signing tab and then select the pfx to sign. i dont have luck with this approach, so i followed next step
- In Visual Studio project properties -> Build Events -> Post Build Scripts
"C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" sign /f "C:\anyfolder\codesign.pfx" /p password /tr "http://timestamp.comodoca.com" "$(TargetDir)*.dll"
- Now all your project assemblies should be signed. you can open properties of an assembly to confirm whether digital signatures tab is visible.