Strong Name sn.exe: Failed to install key pair -- Object already exists

.net certificate duplicates sn.exe strong-named-key
ChrisG picture ChrisG · May 20, 2014 · Viewed 14.2k times · Source

I have 2 different versions of the same project on my machine. One from the code trunk, and the other from a code branch. These projects use a .pfx key to enable strong naming. When I first tried to compile the trunk version of the project I get the following error:

Cannot import the following key file: sgKey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_45891C38BC1BB345

To resolve this I use sn.exe with the following command:

sn -i sg Key.pfx VS_KEY_45891C38BC1BB345

This resolves the issue with the trunk project, which then happily builds.

However, when I try to build the branch version of the project, I receive the same initial error (with the same key container name), and when I try install the certificate using the sn.exe it (not surprisingly) gives the following error:

Failed to install key pair -- Object already exists

This makes sense in that I used the same infile and container on the sn command, but what I am trying to understand is:

  1. If this object already exists, why is the project failing to build, as it would appear the certificate is already installed.
  2. How I resolve this (e.g. can I uninstall and then reinstall? and if so, how?)

Answer

ChrisG picture ChrisG · May 20, 2014

I have managed to resolve my issue, without fully understanding the cause. I found a post about a similar issue here, but did not fit my circumstance precisely, as I had only ever logged on to my machine as a single user.

The post showed how to delete the container, but I couldn't do this either as it said the container didn't exist. What it did though was prompt me to run the command prompt as an Administrator, which I had not done previously. This allowed me to uninstall and re-install the certificate, and both versions of the project now build successfully.

My assumption is that somehow the certificate had initially been installed (by me) under a different user than the one I tried to install with the second time, though I don't know why this would be, as I have only ever logged on to the machine as a single user. It remains something of a mystery to me.

Summary:

  1. Start the developer command prompt as administrator, otherwise you'll get a misleading error saying the container doesn't exist.
  2. Run sn -d VS_KEY_XXXXXXXXXXX to remove the old key.
  3. You should now be able to reinstall the certificate.

Related questions

A certificate chain could not be built to a trusted root authority

During the installation of .NET Framework 4.6.2, I got an error: .NET Framework installation failed: -2146762486. A certificate chain could not be built to a trusted root authority A solution to the above-mentioned error is given at this MSDN Blog link, …

Read More
How can I create a self-signed certificate using C#?

I need to create a self-signed certificate (for local encryption - it's not used to secure communications), using C#. I've seen some implementations that use P/Invoke with Crypt32.dll, but they are complicated and it's hard to update the …

Read More
How can I install a certificate into the local machine store programmatically using c#?

I have a certificate generated via MakeCert. I want to use this certificate for WCF message security using PeerTrust. How can I programmatically install the certificate into the "trusted people" local machine certificate store using c# or .NET? I have …

Read More