VisualStudio.com can't load the temporary UWP certificate during builds - msbuild

I set up my Visual Studio Team Service account to clone my private GitHub repo and build the Windows UWP application anytime I queue a build. The cloning works without any issues; the compilation of every project (6) works except one: the Windows UWP app project.
I receive the following warnings while the build server compiles the app:
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
Warning APPX0104: Certificate file 'myapp_TemporaryKey.pfx' not found.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
warning APPX0104: Certificate file 'myapp_TemporaryKey.pfx' not found. [C:\a\1\s\Source\Applications\myapp.WindowsUWP\myapp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
Warning APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
warning APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file. [C:\a\1\s\Source\Applications\myapp.WindowsUWP\myapp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
Warning APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
warning APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478. [C:\a\1\s\Source\Applications\myapp.WindowsUWP\myapp.csproj]
This is the last project out of the 6 to compile. After I receive the warnings, it proceeds to copy all of the output files over to the final /bin directory. Then, when it's all done, it reports the same messages as above, but as errors this time, and fails the build.
_GenerateAppxPackageFile:
C:\Program Files (x86)\Windows Kits\10\bin\x64\MakeAppx.exe pack /l /h sha256 /f obj\x86\Debug\package.map.txt /o /p C:\a\1\s\Source\Applications\MyApp.WindowsUWP\AppPackages\MyApp_1.0.0.0_x86_Debug_Test\MyApp_1.0.0.0_x86_Debug.appx
MyApp -> C:\a\1\s\Source\Applications\MyApp.WindowsUWP\AppPackages\MyApp_1.0.0.0_x86_Debug_Test\MyApp_1.0.0.0_x86_Debug.appx
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): Error APPX0104: Certificate file 'MyApp_TemporaryKey.pfx' not found.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): error APPX0104: Certificate file 'MyApp_TemporaryKey.pfx' not found. [C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): Error APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): error APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file. [C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): Error APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): error APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478. [C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj]
2>Done Building Project "C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj" (default targets) -- FAILED.
1>Done Building Project "C:\a\1\s\Source\MyApp.UWP.sln" (default targets) -- FAILED.
Build FAILED.
"C:\a\1\s\Source\MyApp.UWP.sln" (default target) (1) ->
If I just delete the certificate (as I did in this particular error log), it fails because it can't find it. If I generate the certificate using the manifest editor in VS, and assign it a password, the build server fails because it doesn't know the password. So I can't get it to build whether I provide a temporary test certificate or not.
How are we supposed to run Windows 10 UWP apps through the Visual Studio Team Services build system? This is something that Microsoft has been promoting for a while now, so I assumed this was a thing that could be done. I can't seem to get the UWP project to actually build.

You can generate a certificate without password assigned.
Or add a PowerShell step in your build definition to import the password-protected certificate. The following is the PowerShell script you can use:
# Path to the PFX, relative to the step's working folder
$pfxpath = 'myapp_TemporaryKey.pfx'
# Password of the PFX (placeholder value)
$password = 'yourpassword'
Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
# PersistKeySet keeps the private key in the key store after the import
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
# Open the current user's personal ("MY") store and add the certificate to it
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList "MY", "CurrentUser"
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()
Remember to set the "Working Folder" to the path where your pfx file is placed.

By default .gitignore ignores any *.pfx file. Therefore it is not added to git. I had the same issue: the build machine does not have the *_StoreKey.pfx file and therefore the build did not succeed.
For me the solution was to install the *_StoreKey.pfx on the build server. Then building the solution on the build server succeeds.

I solved this with the "secure files" feature: https://learn.microsoft.com/en-us/azure/devops/pipelines/library/secure-files?view=vsts
In the build pipeline, there's a "library" tab. I added the pfx (that's excluded from source control) as a file there.
I then added "download secure file" as a build task (https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-secure-file?view=vsts). Note the environment variable in the documentation (currently $env:DOWNLOADSECUREFILE_SECUREFILEPATH)
I then added a command line task to move the file to where it was expected. So the command was move %DOWNLOADSECUREFILE_SECUREFILEPATH% FolderOfMyProject
Now it behaves as though the certificate were checked in.

I met the same issue these days, and I finally solved it with the help of this post.
Actually, we must ensure we have created a test .pfx as the developer of the UWP app,
and the following shares some helpful solutions, I think:
Create a test certificate with VS:
In Visual Studio, from Solution Explorer, open Package.appxmanifest
In the App Manifest Designer, choose the Packaging tab, and then choose the Choose Certificate button.
In the Choose Certificate dialog box, expand the Configure Certificate list, and then choose Create test certificate.
In the Create test certificate dialog box, input your info and click the OK button. (The step descriptions above come from this ↓)
Create a certificate with the MakeCert, Pvk2Pfx and Certutil tools
MSDN: How to create an app package signing certificate
Hope it can help you!

I too was getting the error:
"Cannot import the key file 'blah.pfx'. The key file may be password protected. To correct this, try to import the certificate manually into the current user’s personal certificate store".
You can double click a .pfx file to import it into your store, the trick is that when it brings up the wizard, you have to choose "Current User", instead of "Local Machine" on the first screen, then instead of "Automatic", I specifically chose "Personal".
I was able to build the package after that. Didn't work when I chose "Local Machine" + Personal.

Had the same issue (error APPX0107: The certificate specified is not valid for signing) and tried every solution, but nothing worked for me.
In fact there was a new line after the key name in the .csproj:
<PackageCertificateKeyFile>myCert.pfx
</PackageCertificateKeyFile>
Removed it and it worked.

Related

How can I configure Conan to accept corp CA when using conans.tools.download()?

While I'm able to get Conan to download a package from a remote by adding a corporate CA certificate to cacert.pem, many of these package recipes use conans.tools.download() to download source code from external sites. It seems as if this functionality does not use cacert.pem for its certificate store.
So, for a simple example, I have a conanfile.txt that looks like this:
[requires]
sdl2/2.0.8#bincrafters/stable
Of course there is no sdl2 binary for Visual Studio 2019, so I need to specify the compiler version, build type, cppstd (well, technically not this one since SDL2 is written in C), etc, but the larger project uses C++, so I run the command to build SDL2:
conan install .. -s compiler.version=16 -s build_type=Debug -s compiler.cppstd=17 --build
Conan downloads the package fine, since it's respecting the corp CA I've added to cacert.pem, but the package recipe uses tools.download() to actually pull the source. This failed spectacularly with this error:
ERROR: Error downloading file https://www.libsdl.org/release/SDL2-2.0.8.tar.gz: 'HTTPSConnectionPool(host='www.libsdl.org', port=443): Max retries exceeded with url: /release/SDL2-2.0.8.tar.gz (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777)'),))'
While I'm able to modify the recipe directly by adding verify=False to the download call, this is obviously not a viable solution.
How can this be fixed? I'd prefer not to disable certification verification but at this point would settle for that.
You need to include the ROOT (not a non-root ancestor) certificate in the Python requests package CA bundle, or create a new CA bundle that includes the root certificate and use the REQUESTS_CA_BUNDLE environment variable.

unable to find the temporary location for signtool. exiting

I am trying to digitally sign .dll, .exe and .msi files using signUserFiles.exe. I have configured the signing steps in the Cruise Control tool, and when I try to build our project (abc.proj file) using the Cruise Control tool I get the error below
EXEC (0,0): error: Unable to find the temporary location for signtool. Exiting...
c:\work\UCA7.3_8.1GA\Client\Sign.targets (31,6):
errorMSB3073: The command "C:\Programs\Signing\Windows\signUserFiles.exe -as -fd sha256 -file c:\work\UCA7.3_8.1GA\Client\UCA\bin\Release\53xxPCApp.exe" exited with code 1.
I have written commands as below
while the same works fine if I build abc.proj directly from a command prompt window using the "msbuild abc.proj" command
Please help me
Regards
Ganesh
SignTool docs can be found at https://learn.microsoft.com/en-us/windows/desktop/seccrypto/signtool
On my dev VM, I see signtool.exe in the following locations:
C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe
C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe
I am not familiar with "SignUserFiles.exe", but I always use the Win32 SDK exe and perhaps haven't stumbled across that file name. I always run signtool as a CC.Net "executable task". A little more work perhaps, but I prefer granular control of these things.
See https://ccnet.github.io/CruiseControl.NET/projects/ccnet/wiki/Executable_Task.html for details re: the executable task.

The "SignFile" task was not given a value for the required parameter "CertificateThumbprint"

We have a line of business app which is deployed via clickonce. I can build and publish the application without any problems but when I try to use Continuous Integration (Build each check-in) I get the following error:
2>C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5):
error MSB4044:
The "SignFile" task was not given a value for the required parameter "CertificateThumbprint".
[C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj]
Done executing task "SignFile" -- FAILED.
We sign the application (to be more specific: the ClickOnce manifest) using a code signing certificate which is registered in the AD as Trusted Publisher.
The Certificate is stored in Certificate store on my local workstation. The Certificate is also in the certificate store of the build server (1. In the Personal Store, 2. in the Personal store of the TFSBuildServiceHost Service Account and 3. in the Personal store of the tfs/build server itself).
We are using Visual Studio 2013 Update 4, C#, .Net 4.5 and TFS 2013 Update 4.
I have no clue what causes this error, any help is appreciated.
EDIT:
I forgot to mention that the tfs build worked fine a few weeks ago. I didn't change a thing, I verified that the project file (Pulse.csproj) hasn't changed and I also had a few successful builds with that exact Pulse.csproj file / build definition. I'm pretty sure that it must be something on the tfs server. I remember that Microsoft had some trouble with some updates regarding the certificate infrastructure. Could it be related?
EDIT 2:
I tried to build the project via command line using this command:
"C:\Program Files (x86)\MSBuild\12.0\bin\amd64\MSBuild.exe" C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln
The build fails with the following message:
CleanPublishFolder: Removing directory "bin\Debug\app.publish\".
_DeploymentComputeClickOnceManifestInfo: Creating directory "bin\Debug\app.publish".
Copying file from "obj\Debug\Pulse.exe" to
"bin\Debug\app.publish\Pulse.exe". C:\Program Files
(x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5):
error MSB3482: An error occurred while signing: SignTool.exe not
found. [C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj]
Done Building Project
"C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (default
targets) -- FAILED.
Done Building Project
"C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln" (default targets)
-- FAILED.
Build FAILED.
"C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln" (default target)
(1) -> "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj"
(default target) (2) -> (_DeploymentComputeClickOnceManifestInfo
target) -> C:\Program Files
(x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5):
error MSB3482: An error occurred while signing: SignTool.exe not
found. [C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj]
0 Warning(s)
1 Error(s)
The Signtool definitely exists on the Server. The path to the signtool is: "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" and "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe"
The most interesting part is that I CAN build the solution using a different msbuild tool.
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln
EDIT 3:
I installed the Windows Software Development Kit (SDK) for Windows 8 and now I can build the solution via command line. Thus, the code signing certificate is installed & available.
But the TFS Build fails.
Here is the error output gathered from the tfsbuild logfile:
Task "AL"
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\x64\AL.exe /culture:de /out:obj\Debug\de\Pulse.resources.dll /platform:AnyCPU /template:obj\Debug\Pulse.exe /embed:obj\Debug\Pulse.View.Localization.CreditsView.de.resources /embed:obj\Debug\Pulse.View.Localization.PulseMainWindow.de.resources
Microsoft (R) Assembly Linker version 12.0.20806.33440
Copyright (C) Microsoft Corporation. All rights reserved.
Done executing task "AL".
2>Done building target "GenerateSatelliteAssemblies" in project "Pulse.csproj".
2>Target "CreateSatelliteAssemblies" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "CoreBuild" depends on it):
2>Done building target "CreateSatelliteAssemblies" in project "Pulse.csproj".
Target "SetWin32ManifestProperties" skipped. Previously built successfully.
Target "_DeploymentComputeNativeManifestInfo" skipped, due to false condition; ('$(GenerateClickOnceManifests)'!='true') was evaluated as ('true'!='true').
2>Target "CleanPublishFolder" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "_DeploymentComputeClickOnceManifestInfo" depends on it):
Task "RemoveDir" skipped, due to false condition; ('$(PublishDir)'=='$(OutputPath)app.publish\' and Exists('$(PublishDir)')) was evaluated as ('bin\Debug\app.publish\'=='bin\Debug\app.publish\' and Exists('bin\Debug\app.publish\')).
2>Done building target "CleanPublishFolder" in project "Pulse.csproj".
Target "_DeploymentGenerateTrustInfo" skipped, due to false condition; ('$(TargetZone)'!='') was evaluated as (''!='').
2>Target "_DeploymentComputeClickOnceManifestInfo" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "GenerateApplicationManifest" depends on it):
Task "Copy"
Creating directory "bin\Debug\app.publish".
Copying file from "obj\Debug\Pulse.exe" to "bin\Debug\app.publish\Pulse.exe".
Done executing task "Copy".
Using "SignFile" task from assembly "Microsoft.Build.Tasks.v12.0, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a".
Task "SignFile"
2>C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5): error MSB4044: The "SignFile" task was not given a value for the required parameter "CertificateThumbprint". [C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj]
Done executing task "SignFile" -- FAILED.
2>Done building target "_DeploymentComputeClickOnceManifestInfo" in project "Pulse.csproj" -- FAILED.
2>Target "_CheckForCompileOutputs" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "_CleanGetCurrentAndPriorFileWrites" depends on it):
2>Done building target "_CheckForCompileOutputs" in project "Pulse.csproj".
Target "_SGenCheckForOutputs" skipped, due to false condition; ('$(_SGenGenerateSerializationAssembliesConfig)' == 'On' or ('#(WebReferenceUrl)'!='' and '$(_SGenGenerateSerializationAssembliesConfig)' == 'Auto')) was evaluated as ('Off' == 'On' or (''!='' and 'Off' == 'Auto')).
2>Target "_CleanGetCurrentAndPriorFileWrites" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "_CleanRecordFileWrites" depends on it):
Task "ReadLinesFromFile"
Done executing task "ReadLinesFromFile".
Task "ConvertToAbsolutePath"
Done executing task "ConvertToAbsolutePath".
Task "FindUnderPath"
Comparison path is "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse".
Done executing task "FindUnderPath".
Task "FindUnderPath"
Comparison path is "C:\Builds\1\Pulse\DefaultBuild\bin\".
Done executing task "FindUnderPath".
Task "FindUnderPath"
Comparison path is "obj\Debug\".
Done executing task "FindUnderPath".
Task "RemoveDuplicates"
Done executing task "RemoveDuplicates".
2>Done building target "_CleanGetCurrentAndPriorFileWrites" in project "Pulse.csproj".
2>Target "_CleanRecordFileWrites" in file "C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets" from project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (target "CoreBuild" depends on it):
Task "RemoveDuplicates"
Done executing task "RemoveDuplicates".
Task "MakeDir"
Done executing task "MakeDir".
Task "WriteLinesToFile"
Done executing task "WriteLinesToFile".
2>Done building target "_CleanRecordFileWrites" in project "Pulse.csproj".
2>Done Building Project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (default targets) -- FAILED.
1>Done executing task "MSBuild" -- FAILED.
1>Done building target "Build" in project "Pulse.sln" -- FAILED.
1>Done Building Project "C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln" (default targets) -- FAILED.
Build FAILED.
"C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse.sln" (default target) (1) ->
"C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj" (default target) (2) ->
(_DeploymentComputeClickOnceManifestInfo target) ->
C:\Program Files (x86)\MSBuild\12.0\bin\amd64\Microsoft.Common.CurrentVersion.targets(3450,5): error MSB4044: The "SignFile" task was not given a value for the required parameter "CertificateThumbprint". [C:\Builds\1\Pulse\DefaultBuild\src\Pulse\Pulse\Pulse.csproj]
0 Warning(s)
1 Error(s)
EDIT 4:
Visual Studio 2013 is not installed on our build server. I've already been through the logfile and found that the TFS Build uses the MSBuild.exe stored in C:\Program Files (x86)\MSBuild\12.0\bin\amd64\ .
Since I can build the project on the build server using the MSBuild.exe that TFS Build does, I can be sure that the certificate itself is not an issue.
I created a new build definition without modifying any of the settings but I still get the same error message.
I also repaired the TFS Installation on the build server but no luck.
I compared all *.targets files stored in the C:\Program Files (x86)\MSBuild\12.0\bin\amd64\ folder on the server with the *.targets files in the same location on my client machine. They're 100% identical.
Needless to say that I can build the project without any problems on my client machine (via VS2013 and command line).
I deleted and re-registered/created the build service/controller/agent. The result is still the same.
I'm stuck here. Any ideas?
Note: If you are looking for a quick fix and it is okay for your project to not be signed then you can do this. I encounter this problem when I am looking for a sample code, and using this quick fix solves my problem instantly.
Go to the project properties
Select signing options
Uncheck "Sign the ClickOnce manifests"
Save
Re-run it
(Optional) In some cases you need to rebuild it.
If it doesn't work, please try to uncheck the "Enable ClickOnce security settings" option, which can be located on the Security tab.
This is how I solved the problem:
Our build service was configured to run as NT AUTHORITY\NetworkService. I simply changed this to my own user account. Note that I already had the *.pfx file installed to the personal certificate store.
I guess the problem was that the user NT AUTHORITY\NetworkService does not have the required certificate in the certificate store. I still have no idea how to add certificates into the personal store of system accounts. Nevertheless my problem is gone for now although I don't like the fact that the build service runs with my credentials.
Try to add the certificate in the Signing tab of the project properties by selecting "Select from store"
or
try clicking "Create Test Certificate"...
Another reason why you might be getting this is if the certificate thumbprint has changed (i.e. when it has been renewed because the old certificate has expired), and you no longer have the old certificate installed. This happened to me just now.
Solution: open up the project in Visual Studio, go to the Signing Tab, click Select from Store and make sure that the correct (new) certificate is installed. This solved the problem for me.
For those who come across this issue using CI with an EV Code Signing Certificate: EV Code Signing Certificates use a dongle or thumb drive, so you must have a build server on premise and update your project file manually.
In VS, Right click on your project and Unload it.
Right click and Edit the csproj file.
Find or add this entry
<PropertyGroup>
<ManifestCertificateThumbprint>**Your Certificate Thumbprint Here**</ManifestCertificateThumbprint>
</PropertyGroup>
Copy and paste the thumbprint of the certificate from your build server
into the ManifestCertificateThumbprint value.
Reload your project
and check in.
When I had this issue, I edited the .csproj file using a text editor.
I removed the "ManifestCertificateThumbprint", "ManifestKeyFile", "GenerateManifests" and
"SignManifests" propertyGroup.
Good luck!!
I had the same issue. I sorted it out in rather weird way. I went to the project properties then selected 'Signing' option. Under it I unchecked the Sign the ClickOnce manifests and also unchecked the Sign the assembly option. The project ran afterwards.
This is a dangerous solution and is not offered as a permanent solution. In my case I used it only because I was working on a local copy and needed to do some fixes, so I just needed to get the project to run. In a real world deployment scenario do not do this.
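A pre-build check for the project-file problems reported in the UWP thread above (missing git-ignored PFX, newline after the key file name) and in this ClickOnce thread (signing enabled with no thumbprint), as an added example that is not code from any of the posters. It assumes the property names PackageCertificateKeyFile, PackageCertificateThumbprint, ManifestKeyFile, ManifestCertificateThumbprint and SignManifests; the sample project and the finding labels are constructed. It is a static check only and cannot tell whether the certificate is present in the build account's store.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path, PureWindowsPath

KEY_FILE_PROPS = ("PackageCertificateKeyFile", "ManifestKeyFile")
THUMBPRINT_PROPS = ("PackageCertificateThumbprint", "ManifestCertificateThumbprint")
SHA1_HEX = re.compile(r"[0-9A-Fa-f]{40}")  # certificate thumbprints are SHA-1 hex

# Constructed sample project: newline after the key file name, PFX not on disk,
# and manifest signing switched on with an empty thumbprint.
SAMPLE_CSPROJ = """<Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <PackageCertificateKeyFile>myCert.pfx
</PackageCertificateKeyFile>
    <PackageCertificateThumbprint>58F2EA544193F6FC9F2737135570555B388E58D8</PackageCertificateThumbprint>
    <SignManifests>true</SignManifests>
    <ManifestCertificateThumbprint></ManifestCertificateThumbprint>
  </PropertyGroup>
</Project>
"""


def lint_signing(csproj_path):
    """Return sorted (property, finding) pairs for one project file."""
    csproj_path = Path(csproj_path)
    findings, seen = [], {}
    for elem in ET.parse(csproj_path).getroot().iter():
        name = elem.tag.rsplit("}", 1)[-1]  # drop the MSBuild XML namespace
        if name not in KEY_FILE_PROPS + THUMBPRINT_PROPS + ("SignManifests",):
            continue
        raw = elem.text or ""
        value = raw.strip()
        seen[name] = value
        if name == "SignManifests":
            continue
        if raw != value:
            # The newline-after-file-name case from the APPX0107 answer.
            findings.append((name, "whitespace-or-newline-around-value"))
        if name in KEY_FILE_PROPS and value:
            # Project files use backslashes; rebuild the path for the host OS.
            rel = Path(*PureWindowsPath(value).parts)
            if not (csproj_path.parent / rel).is_file():
                findings.append((name, "key-file-missing"))
        if name in THUMBPRINT_PROPS and value and not SHA1_HEX.fullmatch(value):
            findings.append((name, "thumbprint-not-40-hex"))
    if seen.get("SignManifests", "").lower() == "true" and not (
        seen.get("ManifestCertificateThumbprint") or seen.get("ManifestKeyFile")
    ):
        findings.append(("SignManifests", "signing-enabled-without-certificate"))
    return sorted(findings)


def demo():
    """Lint the sample before and after the PFX is restored next to the project."""
    with tempfile.TemporaryDirectory() as tmp:
        proj = Path(tmp) / "myapp.csproj"
        proj.write_text(SAMPLE_CSPROJ, encoding="utf-8")
        before = lint_signing(proj)
        # Empty placeholder file standing in for the restored certificate.
        (Path(tmp) / "myCert.pfx").write_bytes(b"")
        after = lint_signing(proj)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

Run as a step before MSBuild and fail the build on any finding, so the problem is reported before packaging rather than at the signing target.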

Unknown Publisher still appears on correctly code-signed VSTO addin built with VS2010

I have a OneClick Deployed VSTO Addin that I have signed with an up-to-date Verisign code-signing certificate (PFX). I have verified that I am signing correctly with Verisign support on the phone – they concur. I am building with VS2010. Nonetheless, the Addin shows “unknown publisher” when I try to install.
Why?
How can I replace “Unknown Publisher” with the name of the Publisher on the PFX certificate?
This is what I have done to try to solve the problem to date:
Found this question about “Unknown Publisher” issue on Addins. The accepted answer to that question discusses using mage.exe to sign the deployment and application manifests.
I used mage.exe to apply the PFX signature to both the application and deployment manifests to no avail; “Unknown Publisher” still shows when I install the Addin. Only then did I see a comment by a MS program manager on the page of the last link that VSTO Addin's built under 2008 or earlier do not read either the application or deployment manifests.
Then I saw the same MS program manager's comment at bottom linking to this page and asserting that starting in VS2010 that VSTO Addin's with Publisher specified as given in the linked page will now have their manifests read and the correct Publisher name displayed upon Addin installation.
I have done all this and the publisher on my correctly code-signed OneClick Deployment still shows “Unknown Publisher” - why?
Follow these steps:
Install the certificate on your local machine. In Windows Explorer right-click the certificate file, select Install PFX, and follow the instructions.
Ensure the VSTO project manifest and assembly are signed. In the VSTO project's properties on the Signing tab, "Sign the ClickOnce manifests" should be checked (if not, select your PFX file). "Sign the assembly" should also be checked and using the same PFX file.
After publishing the VSTO, you'll need to sign the manifest and the published .vsto files from the command line. You will also need to copy the .dll's from the bin to your published folder before you run mage.exe (to avoid "File Not Found" errors). I highly recommend signing both .vsto's for safety's sake. Here is the command line code to perform these steps:
set AppPublishPath=bin\Release\app.publish
set AppPublishVersionPath=bin\Release\app.publish\Application Files\MyProjectName_1_0_0_0
set CertificatePath=C:\SignedCertificate.pfx
set CertificatePassword=password
copy bin\*.dll "%AppPublishVersionPath%"
mage -update "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%" -Password %CertificatePassword%
mage -update "%AppPublishVersionPath%\MyProjectName.vsto" -appmanifest "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%" -Password %CertificatePassword%
mage -update "%AppPublishPath%\MyProjectName.vsto" -appmanifest "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%" -Password %CertificatePassword%
See Nathan's comment below about a possible additional step.

how to provide signature in jar files in eclipse-plugins development?

Can anybody tell me how to add signature in jar file.
I have developed a plugin, but when I am installing it, it shows some warnings that it is not a signed jar file.
Can anyone give me guidance on how to do that?
You can follow instructions given in the Eclipse wiki Jar Signing page
It is part of a protection policy against malicious code
How is signing done?
Signing is performed using the JDK's jarsigner.
This tool signs JARs by producing a separate signature for every file in the JAR.
The signatures are put in the MANIFEST.MF file and in a separate signature file in the META-INF directory.
For optimization purposes, the signature of the MANIFEST.MF with all embedded signatures is also computed and placed in the signature file.
Projects who wish to sign their JAR's with the Eclipse Foundation Signature need to name a person which applies for "signer" privilege with the Webmaster. The Webmaster will grant required permissions on the signing server and send an E-Mail with exact instructions how signing is done.
Now if the warning appears because your plugin, even signed, is not signed with the "Eclipse Foundation Signature" (if your plugin runs within an Eclipse instance), that warning is likely to remain.
See also this thread if you want to use your own keystore:
java
-Djava.security.manager=""
-Djava.security.policy=policy
-Dosgi.framework.keystore=file:keystore
-Dosgi.signedcontent.support=true
-jar org.eclipse.osgi_3.4.0.<qualifier>.jar
-console
-consoleLog
Finally, you can try out this jarsigner/keytool integration (integration to the jar exporter) which can facilitate the process.
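The digest layout described in the "How is signing done?" passage above, as an added example that is not part of the original answer or of Eclipse: the per-file entries in MANIFEST.MF are digests of each file, and the signature file carries a digest of the whole manifest. The sample JAR, its file names and the status labels are constructed; the check covers only this digest chain, not the signature block over the .SF file, which `jarsigner -verify` validates.

```python
import base64
import hashlib
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"


def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def sections(text):
    """Parse manifest-style text into a list of {header: value} sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    parsed = []
    for block in text.split("\n\n"):
        pairs = [line.split(": ", 1) for line in block.split("\n") if ": " in line]
        if pairs:
            parsed.append(dict(pairs))
    return parsed


def build_sample_jar(files):
    """Constructed sample: digest entries only, no real signature block."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        manifest += "Name: %s\r\nSHA-256-Digest: %s\r\n\r\n" % (name, b64_sha256(data))
    sig_file = ("Signature-Version: 1.0\r\nSHA-256-Digest-Manifest: %s\r\n\r\n"
                % b64_sha256(manifest.encode("utf-8")))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST, manifest)
        jar.writestr("META-INF/SAMPLE.SF", sig_file)
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()


def replace_entry(jar_bytes, name, data):
    """Copy the JAR with one entry's content changed, or added if absent."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for item in src.namelist():
            dst.writestr(item, data if item == name else src.read(item))
        if name not in src.namelist():
            dst.writestr(name, data)
    return out.getvalue()


def check_digests(jar_bytes):
    """Map each entry to 'ok', 'digest-mismatch' or 'not-in-manifest'."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest_raw = jar.read(MANIFEST)
        listed = {s["Name"]: s.get("SHA-256-Digest")
                  for s in sections(manifest_raw.decode("utf-8")) if "Name" in s}
        for name in jar.namelist():
            if name.endswith("/"):
                continue
            if name.startswith("META-INF/"):
                if name.endswith(".SF"):
                    # The signature file pins the manifest as a whole.
                    main = sections(jar.read(name).decode("utf-8"))[0]
                    same = main.get("SHA-256-Digest-Manifest") == b64_sha256(manifest_raw)
                    results[MANIFEST] = "ok" if same else "digest-mismatch"
            elif name not in listed:
                results[name] = "not-in-manifest"
            else:
                same = listed[name] == b64_sha256(jar.read(name))
                results[name] = "ok" if same else "digest-mismatch"
    return results


def demo():
    files = {"plugin.xml": b"<plugin/>", "lib/Activator.class": b"constructed class bytes"}
    jar = build_sample_jar(files)
    edited = replace_entry(jar, "plugin.xml", b"<plugin modified='1'/>")
    added = replace_entry(jar, "extra.class", b"constructed extra bytes")
    return check_digests(jar), check_digests(edited), check_digests(added)


if __name__ == "__main__":
    for result in demo():
        print(result)
```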