signer's certificate is not valid

Question

I have programmed succesfully with VB 4.0 for years and have recently started to "Update" myself with Visual Basic 2005.  I tried to build an application to distribute via CD.  I received the following error:

Error 2 SignTool reported an error 'Failed to sign bin\Release\Counting Stewards data entry.publish\\setup.exe. SignTool Error: ISignedCode::Sign returned error: 0x80880253

 The signer's certificate is not valid for signing.

SignTool Error: An error occurred while attempting to sign: bin\Release\Counting Stewards data entry.publish\\setup.exe

'. CSDE
 

I am totally "out to lunch." I have no clue of what this is about and cannot find anything in my references which address it.  I have found no code on line that enlightens me.  Is there a simple explanation and/or fix?  Where can I learn more in order to avoid this in the future?

Thanks in advance for any help.

 

Answer 1

See if these article will help

http://msdn.microsoft.com/workshop/security/authcode/intro_authenticode.asp

http://msdn.microsoft.com/workshop/security/authcode/authenticode.asp

http://msdn.microsoft.com/library/default.asp?url=/workshop/security/authcode/intro_authenticode.asp

 

Answer 2

Thank you for your quick response.  I believe I understand.  The purpose of the signer's certificate is to improve security for sending stuff over the internet.  Is this correct?  If it is, then this is more than I need.  I am not interested in sending applications or data over the internet.  All I want to do is create an application that I can install on  my church's computer so that the people who count Sunday's offering will have a tool to organize their work, which can be a complex and error-prone process.  Is there any way that I can do that?  Must I have a signer's certificate?

Answer 3

I modified the url in the setup.exe file clickonce creates and then tried to resign the file using the following command

 signtool sign /f TradingPlatform.pfx setup.exe
 

where TradingPlatform.pfx is a valid certificate in the same directory as setup.exe.

 Here is my output

Done Adding Additional Store
SignTool Error: ISignedCode:ign returned error: 0x80070057
        The parameter is incorrect.

 

 

If i use the signtool wizard i get the very informative error:

SignTool Error: An error occurred while signing: <>

 

If i try to sign the setup.exe file before i modify it, it works fine.  Does this mean you can not modify an already signed file and then resign it using this tool????

 

Answer 4

-In VB2005
-Go to the property of the Project
-Select the Signing tab
-Click 'create test certificate' button
- it will ask for new password 2 times and you have another 1 year extension!

Answer 5

I had the very same problem, your answer solved it. Thanks!!!

Answer 6

 

oh

u solved my problem too

many thx!!!

 

one more question,

for the next expired date, i am supposed to do the same thing?

 

many thx

HunB

^__*

Answer 7

 

Answer 8

 

My problem is solved.

 

Thanks

 

Answer 9

jam66,

 

thank you very much. The official MS workaround to this issue involves creating a new C++ program to generate a new certificate (http://support.microsoft.com/kb/925521), I was sure there was a simpler way to do it!

 

 

Answer 10

That solved my problem too in C#.

 

Go to Signing (Properties>Signing)

Create test certificate.

 

and thats it.

 

Thanks.

 

Answer 11

THANKS so much!   Works also in VB 2008 for projects migrated from VB 2005.

 

Answer 12

Is it possible to just extend an existing certificate, or to make the certificate last more than the year?

 

I ask because when a new certificate is created, all the users where the application is deployed will need to do a certain amount of work. (such as remove the old link and create the new link to the install url.)

 

Answer 13

Click the CREATE NEW SIGN, leave passwords blank...

 

No More sign required.

 

Answer 14

This really helped me too.

 

Thanks.

 

Dan

 

Answer 15

The Microsoft workaround allows to keep your user's certificates valid.  (Otherwise all your users will have to authorize the "new" application...

You can get an already compiled version at

http://www.may.be/renewcert/

Once you get the new certificate, don't forget to select the new file from Visual Studio's signature tab.  Visual Studio won't re-read it, even if the file has changed :-(

Yves

Answer 16

Where do I find this information for Visual Studio 2005 or VS 2008?

Answer 17

Great. it is working

Answer 18

Thanks a bunch. It solved the problem!

Answer 19

Thanks,
Resolved my problem.

Airton

---

JOAB

Answer 20

It's the advice that keeps on giving!  thx

Answer 21

thanks a ton.

U solved my problem

 

Answer 22

Brilliant, it even worked in VS2008.

Thanks,

Ray

 

---

Software Outsourcing by Beztec.com

Answer 23

Thanks, it solved my problem at VS2005

 

Osvaldo

Answer 24

Thanks man really usefull.

 

 

Zubarik

Answer 25

Also in Visual studio 2010 I solved the problem in project properties.

The message colud be more clear  "signer's certicate is EXPIRED" (in my case) and not a generic 'not valid'...

Any way, many thanks.

Cesare

 

 

 

Answer 26

simplest solution is to uncheck the sign click once manifests checkbox in project properties

Answer 27

Great answer, works in VS2010 also.

 

---

Mark Harby Nottingham, UK

Answer 28

Thank you!!! Solve it!!

Answer 29

THANKS MAN, THIS IS THE SOLUTION ONE

Answer 30

Saint Immediately. You have saved my life with this information.

:-) THANKS :-) THANKS:-) THANKS:-) THANKS:-) THANKS:-) THANKS:-) THANKS

---

Federico

Answer 31

Also works for me using VB 2008

Thanks a lot.