I have a ClickOnce VSTO app deployed from the web. Our EV code signing certificate expired and the CA is taking ages to issue the new one. Meanwhile, we have some urgent updates to push so are considering publishing under a temporary self-signed certificate.
I created the self-signed certificate using Makecert and pvk2pfx. I now have three files: .cert, .pfx, and .pvk. I used the .pfx file to publish a new update of the app.
When ClickOnce tries to update, it throws the following error:
Name: AppName
From: https://apps.website.com/appname/name.vsto
************** Exception Text **************
System.Security.SecurityException: Customized functionality in this application will not work because the certificate used to sign the deployment manifest for AppName or its location is not trusted. Contact your administrator for further assistance.
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustPromptKeyInternal(ClickOnceTrustPromptKeyValue promptKeyValue, DeploymentSignatureInformation signatureInformation, String productName, TrustStatus status)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustUsingPromptKey(Uri manifest, DeploymentSignatureInformation signatureInformation, String productName, TrustStatus status)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustUsingPromptKey(Uri manifest, DeploymentSignatureInformation signatureInformation, String productName)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.ProcessSHA1Manifest(ActivationContext context, DeploymentSignatureInformation signatureInformation, PermissionSet permissionsRequested, Uri manifest, ManifestSignatureInformationCollection signatures, AddInInstallationStatus installState)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity(ActivationContext context, Uri manifest, AddInInstallationStatus installState)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
The Zone of the assembly that failed was: MyComputer
I tried to install the certificate by using the .cer file through the Certificate Import Wizard. The certificate is now installed in the "Current User/Trusted Publishers/Certificates" container. I can see it when running mmc.exe, and the "Intended Purposes" property is set to "< All >". Yet I still get the error.
What am I missing? Is the problem with the zoning, and in that case, could you help with this as I am not too familiar with zoning?
