I have a .pfx that I want to use to sign a Clickonce app. However, on trying to do so, Visual Studio gives me "The selected certificate is not valid for code signing." When I go to certmgr.msc and check the certificate, it states "Code signing" under Enhanced Key Usage (non-critical) and "Key Encipherment" under Key Usage (critical). Is the certificate missing a Key Usage value in order for it to code sign?
Asked
Active
Viewed 2,374 times
6
user104013
- 61
- 2
-
This looks like a Visual Studio-specific question? – schroeder Mar 10 '16 at 18:13
-
So based on the given key usage, it SHOULD be able to code sign? I also try to sign with mage, and it gives me same error – Chara Mar 10 '16 at 18:20
-
I just checked a valid code signing certificate and I *think* only digital signature (key usage) and code signing are required. Does your certificate include *digital signature*? – SEJPM Mar 10 '16 at 18:56
-
@SEJPM, Do you know if that valid code signing certificate works for ClickOnce manifests? I ask this because my certificate works for signing .exe's and .dll's but not ClickOnce, for whatever reason – Chara Mar 11 '16 at 20:01
-
@Chara I just looked at an EV signed binary (KeePass) and reported the key usages here. (Hint: Windows usually allows you to inspect certificates) – SEJPM Mar 11 '16 at 23:23
-
The project designer allows for the creation of the test certificate. You can use this certificate to compare it with yours. Generally windows has different requirements for the user code and kernel code. Check the signature of your cert. – nethero Jul 21 '21 at 14:33