Thursday, June 26, 2014

Getting code signing to work with ClickOnce on a TFS Build Agent

Code signing is a giant pain in the butt. You have to :
  • Obtain the certificate for signing the code by:
    1. buying the certificate from an issuer.
    2. generating your own self-signed certificate
  • Configure ClickOnce within your project file with the following property elements:
    • <signmanifests>true</signmanifes>
    • <manifestcertificatethumbprint>A387B95104A9AC19230A123773C7347401CBDC69</manifestcertificatethprint>
  • Log into your machine **as the user running the build controller / agents ** and import the key to their user Personal certificate store!
    • Run 'certmgr.msc' from the Run command in the start menu (WinKey + R is the hotkey)
    • In the Certificate Manager that comes up, go to Personal in the tree, right-click, and select All Tasks -> Import ...
    • In the Certificate Import Wizard window that comes up, select Next to move to the 'File To Import' screen.
    • Select your certificate file, which has the same thumbprint as specified in your project file, then click Next to move to the 'Certificate Store' screen.
    • In the 'Certificate Store' screen, select the 'Place all certificates in the following store' option, then click Browse to select the store. Choose 'Personal' in the selection window. Click Next to move to the "Completing the Certificate Import Wizard" window.
    • On the "Completing the Certificate Import Wizard" window that comes up, click Finish to import the certificate.
You should now be able to build and sign your code on a TFS Build controller / agent.

No comments: