jmagaram
2008-10-21 22:38:01 UTC
I bought a code signing certificate from Comodo. I can't seem to use it for
"Sign the assembly" in Visual Studio 2008 in Vista. I get the "Error
importing key. Object already exists" error. Specific steps are shown below.
I had other problems using the "Create Test Certificate" button - access
denied error - that I "fixed" by adding myself to the permissions on
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys. I have been able to add the Comodo
pfx to the certificate store and use the signtool utility in a post-build
command, but this introduces other problems. Questions:
1. How can I use my certificate to sign code using the built-in UI of Visual
Studio?
2. Maybe my personal certificate store is somehow corrupt. Is there some way
to wipe it out and start over? Is there anything in there I really need?
3. If I'm using a certificate for assembly signing (must browse to a file to
do this) must it NOT be in the certificate store?
--
EXPORT ORIGINAL CERTIFICATE
Get code signing certificate from Comodo
From Internet Explorer Certificates configuration, export the code signing
certificate
Chose "Yes, export the private key"
Chose "PFX" format. Did NOT select ANY of these options:
Include all certificates in the certification path
Delete the private key if the export is successful
Export all extended properties
Entered a password and file name
Finish exporting the key
Delete the certificate from the certificate store
FIX CERTIFICATE WITH AT_SIGNATURE AND REIMPORT
Followed the instructions at the web address below. Specifically I used
"certutil" as provided in Visual Studio 2008 to reimport the PFX file with
"AT_SIGNATURE"
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1181&nav=0,7
EXPORT FIXED CERTIFICATE
Using the Certificates setting in Internet Explorer, export the certificate
Chose "Yes, export the private key"
Chose "PFX" format. Did NOT select ANY of these options:
Include all certificates in the certification path
Delete the private key if the export is successful
Export all extended properties
Entered a password and file name
Finish exporting the key as a pfx file
Delete certificate from certificate store
ATTEMPT TO SIGN ASSEMBLY
Right click on Visual Studio and choose "Run as Administrator"
In Visual Studio, right click a Project and choose Properties.
Check the box for "Sign the assembly"
Browse to the "fixed" certificate file and enter the password
ERROR - "Error importing key. Object already exists"
"Sign the assembly" in Visual Studio 2008 in Vista. I get the "Error
importing key. Object already exists" error. Specific steps are shown below.
I had other problems using the "Create Test Certificate" button - access
denied error - that I "fixed" by adding myself to the permissions on
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys. I have been able to add the Comodo
pfx to the certificate store and use the signtool utility in a post-build
command, but this introduces other problems. Questions:
1. How can I use my certificate to sign code using the built-in UI of Visual
Studio?
2. Maybe my personal certificate store is somehow corrupt. Is there some way
to wipe it out and start over? Is there anything in there I really need?
3. If I'm using a certificate for assembly signing (must browse to a file to
do this) must it NOT be in the certificate store?
--
EXPORT ORIGINAL CERTIFICATE
Get code signing certificate from Comodo
From Internet Explorer Certificates configuration, export the code signing
certificate
Chose "Yes, export the private key"
Chose "PFX" format. Did NOT select ANY of these options:
Include all certificates in the certification path
Delete the private key if the export is successful
Export all extended properties
Entered a password and file name
Finish exporting the key
Delete the certificate from the certificate store
FIX CERTIFICATE WITH AT_SIGNATURE AND REIMPORT
Followed the instructions at the web address below. Specifically I used
"certutil" as provided in Visual Studio 2008 to reimport the PFX file with
"AT_SIGNATURE"
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1181&nav=0,7
EXPORT FIXED CERTIFICATE
Using the Certificates setting in Internet Explorer, export the certificate
Chose "Yes, export the private key"
Chose "PFX" format. Did NOT select ANY of these options:
Include all certificates in the certification path
Delete the private key if the export is successful
Export all extended properties
Entered a password and file name
Finish exporting the key as a pfx file
Delete certificate from certificate store
ATTEMPT TO SIGN ASSEMBLY
Right click on Visual Studio and choose "Run as Administrator"
In Visual Studio, right click a Project and choose Properties.
Check the box for "Sign the assembly"
Browse to the "fixed" certificate file and enter the password
ERROR - "Error importing key. Object already exists"