Renewing certificates and public key tokens

  • Thread starter Thread starter Mike Schilling
  • Start date Start date
M

Mike Schilling

The certificate we use to sign our assemblies was about to expire, so I contacted Verisign to renew it. The new certificate came, we installed it, we pointed out nightly build at it, the new DLLs got signed, so far so good. The problem is that, when we looked at the with ILDASM, we noticed that the public keys tokens are different from the ones generated by the older certificate.

This is a compatibility problem, of course. It's not possible to issue a bindingRedirect from a version signed with the older certificate to one signed with the new one, since .NET considers them different assemblies, not two versions of the same assembly. Verisign insists that renewed certificates always have different public keys, and this is just how things work, but I can't picture that an unavoidable incompatibility is created every year when certificates expire. What am I (or are they) missing?
 
Why are you using certificates for the SN? Why not just create a .snk and use that? Then you don't have to worry about expire and can use same public key for all versions.

--
William Stacey, MVP
http://mvp.support.microsoft.com

The certificate we use to sign our assemblies was about to expire, so I contacted Verisign to renew it. The new certificate came, we installed it, we pointed out nightly build at it, the new DLLs got signed, so far so good. The problem is that, when we looked at the with ILDASM, we noticed that the public keys tokens are different from the ones generated by the older certificate.

This is a compatibility problem, of course. It's not possible to issue a bindingRedirect from a version signed with the older certificate to one signed with the new one, since .NET considers them different assemblies, not two versions of the same assembly. Verisign insists that renewed certificates always have different public keys, and this is just how things work, but I can't picture that an unavoidable incompatibility is created every year when certificates expire. What am I (or are they) missing?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top