Don't use ClickOnce temp cert


The temporary certificate that Visual Studio generates for ClickOnce applications expires one year from the date you create it. It is considered a "development" certificate by Microsoft. Changing the cert a year from now forces users to uninstall and reinstall. You want to create your own cert with a reasonable expiration and sign the assembly with it.

So many ClickOnce apps just stop working a year after they were created.


shanselman wrote Jun 12, 2008 at 11:52 PM

Good info. Can you point me to something that explains how to make a certificate (and renew it) that is more permanent? I'm not having Google Love here.

shanselman wrote Jul 15, 2008 at 6:47 AM

Can you give me more details on this? Do I need to spend $500 on a 3 year cert? What do I need to do now that hundreds of people have this application installed already?

mpowell wrote Jul 25, 2008 at 4:46 PM

Try this: http://www.may.be/renewcert/
It lets you put the expiration date on your temporary cert far into the future.

JohanDanforth wrote Oct 7, 2008 at 2:27 PM

The application on http://www.may.be/renewcert/ doesn't work properly for me (and for some other people, why I don't know). You can use the tools that come with the SDK to create a cert that doesn't need renewal for 30 years, this should work:

makecert.exe -r -pe -a sha1 -n "CN=Babysmash" -b 01/01/2000 -e 01/01/2036 -eku -sv Babysmash.pvk Babysmash.cer

pvk2pfx.exe -pvk Babysmash.pvk -spc Babysmash.cer -pfx Babysmash.pfx