The Problem Solver

Tell me and I will forget
Show me and I will remember
Involve me and I will understand
- Confucius -

Google Ads

This Blog

Syndication

Search

News

Community

Email Notifications

Explore

Explore DevelopMentor's Related Content:

Concepts
LINQ
Entity Framework
WCF
WPF
RESTful
Web
Unit Testing
.Net
Workflow
More >>

Tools
Visual Studio
Windows
IIS
Silverlight
More >>

Type
Screencast
Tools
Video
Newsletter
Sample
Article
Books
Magazine
How To
Demo
Course
Products
More >>

Archives

ClickOnce certificate expiration

I just heard about a pretty nasty "bug" with ClickOnce. Well it isn't an actual bug but still a nasty problem to run into.

The problem is actually with the certificate used to sign a ClickOnce installer. When you create a new ClickOnce installer Visual Studio will automatically generate the required certificate for you. And the intention was that this was only a temporary certificate and that a developer would replace it with a real one. Now it turns out that most people, including me, think there is only a single advantage to using a real and that is the claim that the certificate is from an untrusted publisher. Well that is only a warning most people ignore anyway so why bother with the real certificate.

Well it turns out there is a second, much larger, disadvantage to using the generated certificate. And that is the fact that it is only valid for a single year. And after that year the ClickOnce installation will stop downloading new updates.

More information, including a workaround, can be found here.

Thanks to Eric Knox and Cory Smith for pointing this out.

Enjoy!

Published Wed, Jun 4 2008 17:59 by Maurice

Filed under: .NET, VB, DevCenter, ClickOnce

Comments

# re: ClickOnce certificate expiration@ Wednesday, June 04, 2008 6:17 PM

You'll still need this KB article, because certificates granted by third parties are also not valid for more than two or three years, generally, so they will expire while you're still trying to provide updates.

by Alun Jones

# re: ClickOnce certificate expiration@ Thursday, June 05, 2008 10:47 AM

Good point, so you better make sure you get a certificate with an expiration date far in the future. After all your application is going to be successfully used for a long time right Smile

by Maurice

# re: ClickOnce certificate expiration@ Friday, June 06, 2008 8:04 PM

No, just when you renew the cert used to sign, you use the same CSR.

by Robert

# re: ClickOnce certificate expiration@ Thursday, July 24, 2008 4:47 PM

Yeahbut....

When you get a new certificate, the ClickOnce install counts as a whole new program that just so happens to have the same name, doesn't it? Which means all the existing users have to re-do their settings all over again.

by Bob Bingham

# re: ClickOnce certificate expiration@ Friday, December 05, 2008 8:56 AM

I had the same problem, but uninstalling didn't even help. I finally figured out that it was because MIS had taken away my admin permissions, and so I had to change publishing location to the server, whereas I previously was publishing it from my computer. however, I still had my computer's address in the update location. Clicking on Updates on the Publish tab, I then deleted the address in the update location, and it fixed the problem.

by Tharpa

# re: ClickOnce certificate expiration@ Tuesday, March 31, 2009 8:37 AM

why not generate a 100 years cert file from your own for internal use only? you can use 'makecert' to do it

by Kelvin Lu

# Rvfaneti@ Monday, July 13, 2009 3:02 PM

XsaZkQ

by Rvfaneti