signer's certificate is not valid for signing (VS2008 windows forms)


B

BillE

<extreme frustration>

I have googled and read about this, but can't seem to get a grip on it.
Apparently I am being coerced into digitally signing applications. Is this
true? What if I don't want to?

The basic question is: If I click the "Create Test Certificate" button on
the Signing tab of the properties for my application so I can publish it,
what happens when I distribute the application?

- Will users be challenged installing the application because they have
to install a certificate?

- Will users be getting scary warnings they don't understand because its
not a 'real' certificate?

- Will users come screaming in one year because the certificate has
expired?

- Will I have to provide new certificates every year to every user
forever?

What the heck is the point of this? I don't see it as a meaningful security
enhancement.

It is useful to be able to sign an application, but it is not something
which should be forced down my throat. Let ME decide if I want to digitally
sign my application!

Background:

After installing VS2008, when I try to publish a vb.net windows application
I get the failure message "The signer's certificate is not valid for
signing."

I unchecked the checkbox "sign the click once manifests" on the signing tab,
but it checks itself. GRR!

</extreme frustration>

Thanks
Bill
 
Ad

Advertisements

E

eschneider

I'm told you can turn off signing with VS2008 Service pack 1.

- Will users be challenged installing the application because they have
to install a certificate?

Yes, but with a cert they can trust your company if they want, preventing
further checks.
- Will users be getting scary warnings they don't understand because
its not a 'real' certificate?
Yes


- Will users come screaming in one year because the certificate has
expired?

Yes, and will cause problems for existing deployed applications.
- Will I have to provide new certificates every year to every user
forever?

depends on the cert duration.
What the heck is the point of this? I don't see it as a meaningful
security enhancement.

User can be sure the application came from the company where the cert
claims, and that the software has not been modified by a differnt party. The
cert can also be revoked if needed.

Eric
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top