I have written an application, that I'm publishing to my webpage everytime I make changes via the "Publishing Assistant" in VS13. If I'm going to install it on my PC from my website Windows tells me that the application would not be trustful. How do I change this? Where do I get an certificate for signing it?
You buy a certificate from any trusted certificate provider. To not to promote any specific provider, I'll just recommend you to google for "buy code signing certificate", if you really can't find a provider on your own.
Then, at the properties tabs, navigate to the "Signing" tab and point to your certificate file. The package will be signed upon building.
Related
I recently had to take over an Excel plugin project and one of the issue I'm getting is that a customer can't use the plugin because their Trust center only allows COM add-ins signed by Trusted publishers. (And they are not able to disable it)
I'm quite new and don't really understand this signing issue so I self-signed the code.
But the add-in has its publisher set to None. Here's how it's showing.
I believe that's not what I need to do, right? As a self signing will not be trusted by the customer Trust Center.
I saw this post but I was quite unsure about what was going on.
Does that mean there is no possible workaround or am I getting this wrong?
One thing I was wondering but I needed some help over is that if the add-in needs to be signed by a Trusted publisher.. Would that do the trick if the client is generating .pfx and I use it to sign the add-in?
AFAIK, there are no "tricks" you can do from the DEV side. This is a security feature. You need to sign your add-in with a valid certificate to get rid of "unknown publisher". You can do that by selecting that certificate on "Sign" tab in Project settings in Visual Studio.
If you are a public company/developer and don't really have any assumptions about your users, then you can obtain the code signing certificate from one of the public code signing certificate providers. The main ones are listed here: https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate
It is not free, and you'll need to prove your identity to the certificate issuing authority (like, provide them your passport/company registration details/etc).
If you are developing an add-in for a specific organization and you can negotiate with it's admins, or your users have admin rights on their computers and are allowed to mess with security, then you can create a self-signed certificate, sign your code with it (select it on "Signature" tab), and then ask your users (or user's admin) to add this self-signed certificate to "trusted root" for their organization/on their PC.
Please note that self-signed certificate usually work only on the PC where the certificate was created, and used for testing or development purposes. In your case, this means that your self-signed certificate is considered valid on your PC, but not on the customer's PC. If you want a certificate created by you on your PC to also work on customer's PC, then you'll have to ask the customer to add your certificate as "trusted root", i.e. to treat your signature the same way as one of those "worldwide trusted certification authorities" from the list above.
The normal practice is to buy a certificate from the certification authorities though.
I am trying to submit my app to the app store through Xamarin Studio. But I am getting an error saying No valid provisioning profiles found. I have a development certificate and an app store provisioning profile set up. Not sure why it's not finding it.
You will need to add a distribution certificate. You cannot submit to the app store with a development certificate. You cannot associate a development certificate with a app store distribution profile.
Ensure you have a iOS Distribution certificate created, and that it is valid when you download it to your Mac (by opening the Keychain Access app, and clicking on the cert - you should see a green check and the word "Valid" by it).
Then create a App Store Distribution provisioning profile and tie it to the certificate.
I'm trying to access certificate that placed in Current_user my certificate store.
And when I'm debbugging, for instance, MVC 4 app it is OK, but then i'm trying to access certificate from silverlight's server-side... and can't see any certificates in my x509store.
So as I understand I need to grant IIS-account access to this store.
Is it true? And how can I do it?
To give IIS access means to give permission to the user that is running the application pool of your IIS website. You should do the following steps:
Open mmc.exe (Microsoft Management Console).
Go to File -> Add/Remove Snap In...
Select Certificates.
Select the store (in your case it will be My user account)
Find the certificate (should be in Personal folder but it depends on how it was installed).
Right-click on the certificate, select Tasks -> Manage Private Keys
Add your IIS application pool user and give required access (this is actually a permission to the file where the certificate is stored).
I have an XBAP app that I would like to publish. This app requires FullTrust, so I need to sign it.
I can do that and publish the app. However clients who do not have my certificate cannot install/run the app, they would have to install the certificate before doing that.
Is there a way to avoid or automate it? Either embed the certificate installation within the deployment (Click-once) or maybe sign the app use service like VerySign (e.g.)?
Is SSL a topic that might help here?
You will need to sign the clickonce using a certificate from a trusted certificate authority such as Verisign as you suggest. Otherwise you'll need the users to distribute the certificate you've generated to your users and have them install it on their local machines.
I have already installed the ssl cert in user PC. And, I also imported the cert under Local computer of Trusted Root Certification Authorities. I am trying to consume the web servcie. In my code I attach the cert as below.
webservice.ClientCertificates.Add(X509Certificate.CreateFromCertFile(certPath));
But I got the following error.
Cannot find the certificate in either the LocalMachine store or the CurrentUser store
What could be the issue? I'm using .Net Framework 2.0. So, not able to use WCF. Thanks.
That means,
probably you have the wrong certificates installed.
you installed the certificates to the wrong place.
An easy way to tell if you have a client certificate installed properly is
launch IE.
Open Tools | Internet options.
In Content tab, click Certificates button.
Then you should see the cert in Personal (read cert path and see whether it contains errors), and will be able to use it in your WinForms application.
I experienced similar issue. In my case it was solved by using MMC and giving Full control rights of the certificate for user IIS_IUSRS. My Website is running under ApplicationPoolIdentity. This answer guided me to the right path: How to give ASP.NET access to a private key in a certificate in the certificate store?
I had the same error when trying to connect to a service that hadn't been set to use SSL. Once I change the configuration of the service to use SSL, the connection worked fine.
Also you may get that error if the account doesn't have access to the private key, which WinHttpCertCfg.exe from the Windows Resource Kit can solve.