locked
Issue Building applcations w/ sign the assembly - strong name key files RRS feed

  • Question

  • Hello.

    Having issue building an application with signing turned on for strong name key file.  We've been building clickone applications w/o problems for a long time.  Dont' have issues with this.  We normally would take the keyfile, log into our build servers as the account that is doing the builds, install the keyfile entering in password.  And it works.

    But w/ the strong name key files / signing, this isn't working.  It continues to say it isn't installed.

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Common.targets(2455,5): error MSB3325: Cannot import the following key file: keyfile.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_2C64B11AEE003808

    Is there something different when building these applications through a build process?

    Tuesday, April 23, 2013 1:57 PM

All replies

  • Hi kpdn,

    Thanks for your post!

    Do you mean you cannot build these applications through Team Build?

    If yes, can you tell me what version of TFS and Visual Studio do you use currently?

    Please refer to this to how to Delay Sign an Assembly: http://msdn.microsoft.com/en-us/library/9fas12zx(v=vs.100).aspx

    For more information, please refer to http://stackoverflow.com/questions/4025316/signing-assemblies-with-pfx-files-in-msbuild-team-build-tfs

    Hope it helps!

    Best Regards,


    Cathy Kong
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, April 24, 2013 3:23 AM
    Moderator
  • Hello.

    I forgot to supply you with information on my environment. Apologize for that. 

    TFS 2012 Update 2 and VS 2012 Update 2. VS 2012.2 is locally installed in our build environment as well.

    We are using  the team foundation build service.  We have multiple build servers that we interact w/ through our builds.  

    So when we execute one of our build definitions that gets executed on one of the build servers, we get the error.  Again we've never had problems w/ click once apps and the signing. but seems these strong name type signing is different. This is the first time I've had to build one.

    The link you provided for the stackoverflow.com we have tried all of those options.  That is the normal process i follow for the clickone apps taht we get w/ keyfiles that need installed.  did the same process for this one.  

    Thanks!

    KP


    • Edited by kpdn Wednesday, April 24, 2013 11:43 AM
    Wednesday, April 24, 2013 11:41 AM
  • Hi kpdn,

    Thanks for your feedback!

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
     
    Thank you for your understanding and support.

    Best Regards,


    Cathy Kong
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, April 25, 2013 1:51 AM
    Moderator
  • Is it only because of the password? What if you replace your key file with a non-protected password?

    regards,


    Forrest Guo | MSDN Community Support | Feedback to manager

    Thursday, April 25, 2013 5:22 AM
    Moderator
  • couple questions if no password is there.

    1. What does that affect as a whole? are we just trying to see if no password works?

    2. What would that affect the clients if anything by removing that password if it did work by removing it for the build?

    Just curious. We will try today to see what results we get.

    Thanks

    Thursday, April 25, 2013 1:53 PM
  • I have reproduced the scenario and get to know how to get it working. Password doesnt matter here, but the error message contains instructive information:

    "To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_2C64B11AEE003808"

    Solution is:

    1. Copy the certificate to build agent; say it's C:\testkey.pfx
    2. Install the certificate by command:

           sn -i C:\testkey.pfx VS_KEY_2C64B11AEE003808

    This installs to right container.

    Does it fix your issue?


    Forrest Guo | MSDN Community Support | Feedback to manager

    Friday, April 26, 2013 9:52 AM
    Moderator
  • By using a keyfile w/ no password we are able to get it to build.

    But we need to be able to move forward w/ a keyfile w/ a password.  So at least we know having a file assigned works in general.

    Thanks!

    kP

    Friday, May 3, 2013 3:40 PM
  • Doing #2 for any particular build would add it in the specfici container name.  But each build that name changes, at least from what i have noticed each time.  So that wouldn't work for me at this point in time.

    we tried that command though thinking the same concept previously.

    Friday, May 3, 2013 3:54 PM
  • It's not the case in my test. I had two failed build at the beginning. That container name doesn't change. The key container is machine specific normally, unless you change it to user specific. You can test it by command:

    sn -m

    Remember that, do you have multiple computer perform as build agent, in that way, build controller randomly pick build agent, the key container name varies. You can specify build agent match rule in build definition. Does that sound make sense?


    Forrest Guo | MSDN Community Support | Feedback to manager

    Saturday, May 4, 2013 12:54 AM
    Moderator
  • hello kp?

    Forrest Guo | MSDN Community Support | Feedback to manager

    Wednesday, May 15, 2013 7:04 AM
    Moderator
  • Hello

        Having the same issue. Did you got it resolved?. I dont want to import the cert without the password.

    If any solution please let me know. Tried all the ways mentioned in many forums. Could not build with the cert. 

        We have a c# webservice client distributed to many users. Every 2 years the 'client cert - .pfx' expires and I get .cer file from verisign, convert that to .pfx - I place that in right library and build. During build it will ask for password. On providing right password the build creates .exe file. This is what we do for years. Once we moved to Visual Studio 2015 (we did for tls1.2 support) the build fails. 

        Any help would be highly appreciated..

    Thank you

    Saturday, June 10, 2017 1:51 AM