ClickOnce Deployments

February 10th, 2010 by gareth

I’ve been pulling my hair out all day trying to figure this out so I thought I’d place it on my blog as a convenient place for other Visual Studio users and myself for next time!

Assumptions
I will assume you have your app build and now ready to release it to your internal corporate network and you have access to a server for deploying your software.

Requirement – OpenSSL
Download and install OpenSSL from here – http://www.slproweb.com/products/Win32OpenSSL.html

Steps
I installed OpenSSL to C:\Program Files\OpenSSL, opening a command prompt window, navigate there and then to the bin directory.

C:\Users\Gareth Evans>cd "C:\Program Files\OpenSSL\"
C:\Program Files\OpenSSL>cd bin
C:\Program Files\OpenSSL\bin>

Run:
openssl genrsa -out ca.key 4096

To generate a private key for the Certificate Authority (CA).

Run:
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

To generate a public key for the CA.

Note: Whatever you enter for “Common Name (eg, YOUR name) []:” will become the NAME of the Certificate Provider.

Enter as much or as little information/details as you want or need.

So we’ve created a CA certificate now, we need to create a sub certificate.

Run:
openssl req -new -key ia.key -out ia.csr

Again Note: Whatever you enter for “Common Name (eg, YOUR name) []:” will become the NAME of the Certificate Provider. Remember to call this something different to the CA Common Name.

Run:
openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt

Run:
openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt

Run:
openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt -keysig

Open CA.crt
Install Certificate
Put Certificate in “Trusted Root Certification Authority”

Open certificate.crt
Install Certificate
SAVE PRIVATE KEYS – see Fig 1
Put Certificate in “Personal”

Back to Visual Studio now, select the Startup Project, Right Click, Select Properties.

Within the Signing tab (left hand side), Tick “Sign the ClickOnce manifest”, Click “Select from Store”, select your certificate.

Select the Publish tab, Set the Publish Folder Location and Installation Folder URL and click Publish.

Deploy CA.crt to domain Computers, placing Cert in “Trusted Root Certification Authority”

Verify the ClickOnce deployment.


Figure 1

Posted in .NET Development, ClickOnce Deployment, Code Signing, Computing, Networks, OpenSSL, Security, Visual Studio

Leave a Comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.