Signing assemblies with strong name using pfx and visual studio

Ares picture Ares · Feb 21, 2014 · Viewed 21.8k times · Source

So here is the problem: We have decided to buy a code signing certificate, we bought one from Godaddy which was in p12 format.

After researching I found out that p12 and pfx is the same thing with a different extension so I renamed it to pfx. I also got spc and p7c files but I don't have a clue what to do with them.

Anyway, I tried to add my certificate to my Visual Studio 2013 solution and here is what I get:

  • First I get a password prompt and after I input the password I am getting an error saying

    "An attempt was made to reference a token that does not exist."
    
  • On my second try to install the pfx I am getting no prompts or error messages at all but when I build I am getting the error

    "Cannot import the following key file: something.pfx 
    The key file may be password protected.
    To correct this, try to import the certificate again or 
    manually install the certificate to the Strong Name CSP with the following
    key container name: VS_KEY_33FA18307607ECFB"
    
  • So I am doing that using

    sn -i something.pfx VS_KEY_33FA18307607ECFB
    

    which completes with no errors but when I try to build again I am getting the exact same error with the same container name.

    "Cannot import the following key file: something.pfx ....
    

I tried to use the signtool which is what Goddady support recommends as an alternative but although it signs the assembly it does not provide strongnaming which I need.

I also tried to extract the certificate from the pfx to an snk using

    sn -p something.pfx key.snk

and selected delayed signing but the project didn't build again with even more errors.

Rhetorical question: why is this so hard? So many people have problems with this.

Can someone please help?

Answer

GDS picture GDS · Aug 29, 2016

I own a Comodo (.p12) certificate and ran into the same issue and solved it based on @SmithPlatts answer and @Ares comment. Here is a detailed walkthrough for those who are not savvy (like me) with certificates:

  1. Open Command Prompt with admin privileges.
  2. Type command: certutil -importPFX "<certFilepath>\<certFilename>.p12" AT_SIGNATURE (AT_SIGNATURE is what makes this work instead of [Right-click .p12 file]-->'Install PFX')
  3. Type a password of your choice.
  4. Open mmc.exe with admin privileges, File-->Add/Remove Snap-in...
  5. Add 'Certificates'
  6. Choose 'Computer Account'
  7. Under Console Root/Certificates (Local Computer)/Personal/Certificates locate your certificate installed by step 2.
  8. Right click Cert/All Tasks/Export-->Next/Yes, export the private key
  9. Go to 'Personal Information Exchange - PKCS #12 (.PFX)'
  10. Uncheck 'Include all certificates...'. Important! If checked VS will produce this message: "Cannot find the certificate and private key for decryption" when signing.
  11. Check 'Export all extended properties' (Optional).
  12. You can check 'Delete the private key...' if you are not planning to re-export in the future.
  13. Tick password and type the password of step 3.
  14. Choose file path and file name for the exported (.pfx) certificate.
  15. Use exported .pfx file to sign your assembly/project from VS.
  16. Build project to make sure that pfx works properly.