daily

MagicFolder has a smart client piece that is used to push the videos users want to publish up to the server for encoding and uploading. Being a former ClickOnce design time dev, I deploy and update the application with ClickOnce. I love the technology mostly because I don't have to think about deployment issues: it just works.

Today I went to push an update of the client for the first time in a few months. Suddenly I get an error that "The certificate is not valid for signing." Crap. You see, I had used the default Visual Studio option of creating a temporary certificate that lasts for a year and is self-signed. I checked the metadata and sure enough: it expired in August.

No problem, just make a new one right? Wrong. ClickOnce will error if you deploy a new version because as far as it's concerned you've created a new program. Your manifest files are assemblies much like your DLLs are. They have a strong name and key pair used to sign them is the one bound to your certificate. You need to create a new certificate but re-use the same key pair. It's possible but annoying.

Enter my KB article. Before I left the VB team, we actually started to see this from Beta early adopters. To head this off, I wrote a little C++ app that would take a PFX file, get it's key pair from Windows, and issue a new self-signed certificate using that key pair. I had learned quite a bit about the certificate API's from working in the bowels of Visual Studio so it took me just a few hours. I wrote up the steps on how to compile and use the code sample and after my QA team gave it the thumbs up (thanks David and Elizabeth), we sent it out to the world.

This morning I looked up that same article to get my code again so I could fix up my cert. By default it creates a cert that's good for five years from the day you run the renew app. Never wanting to think about this again, I changed that to 25. My app published, updated, and all is well with the world.

Here's the article if you'd like to take a look:
You receive an error message when you try to update a Visual Studio 2005 ClickOnce application after the certificate that was used to sign the installation expires