none
ClickOnce deployed app doesn't update after signing with a renewed certificate RRS feed

  • Question

  • A few months ago I ClickOnce deployed an app.  I signed the ClickOnce manifest with a VeriSign certificate.  The certificate expired a few days ago so I had VeriSign renew it (Yes I did renew it and didn't just purchase another one).  I then wanted to publish an update.  I signed the new version's ClickOnce manifest with the new certificate and published it to the web server.  Now when the app checks for updates it fails.  BUT, if I navigate to the .application file in Internet Explorer and click on it, the program updates just fine.  HOWEVER, if I publish the new version to my local machine and have the update location the same and click on the .application file from there it installs another copy of the app onto my machine with a "- 1" after the name.

    I haven't been able to get the exact error that is being generated when it tries to check for updates.  ClickOnce deployed apps aren't the easiest to debug after they are deployed.  I trying to figure that out for the moment.  But it does have something to do with the new certificate because I published updates before with the previous certificate and it worked great.

    I know there were issues regarding this in VS 2005 and .NET 2.0 but I used VS 2008 and .NET 3.5 SP 1 to publish both the original and the update.  My app requires .NET 3.5 SP 1 to run so I know that if it is checking for updates the client machines already have the proper framework version installed.

    I need the users that are out there with the the app already installed to see the update.  None of them would know to go to the update site and click on the .application file.  And I can't make a CD and send it to them to run because it would just install another copy.

    I know people are going to tell me to have my user's uninstall and reinstall but I REALLY don't want them to have to do that EVERY year.  I just want ClickOnce to work how it is advertized and how I believed it to work when I first decided to use it.
    Tuesday, March 24, 2009 7:04 AM

Answers

  • Looks like you might be using the programatic update APIs in System.Deployment. Unfortunately these APIs are not able to handle the certificate expiry scenario yet. Only the ClickOnce auto update mechanism can handle the expired certificate scenario.

    For now some options are
    -> Update the app to move to auto update mechanism
    -> Move to new certificate using the auto update mechanism


    You could also try some of the methods described in this forum post: http://social.msdn.microsoft.com/Forums/en-US/winformssetup/thread/1217520d-6dc4-4fb1-83d1-0fa148d60e5d

    Thanks
    Saurabh

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by gongchengshi Wednesday, March 25, 2009 4:06 PM
    Wednesday, March 25, 2009 1:19 AM

All replies

  • Unfortunately I only printed out the outer-most exception message to my log so I don't know if there is an inner exception.  The exception appears in the form of the CheckForUpdateCompletedEventArgs.Error object of my handled CheckForUpdateCompleted event.

    This is the exception message: "Object reference not set to an instance of an object."  This doesn't give me much information especially since it is being thrown from the asynchronously executing ClickOnce code and not my own.  Any ideas?
    Tuesday, March 24, 2009 2:13 PM
  • Looks like you might be using the programatic update APIs in System.Deployment. Unfortunately these APIs are not able to handle the certificate expiry scenario yet. Only the ClickOnce auto update mechanism can handle the expired certificate scenario.

    For now some options are
    -> Update the app to move to auto update mechanism
    -> Move to new certificate using the auto update mechanism


    You could also try some of the methods described in this forum post: http://social.msdn.microsoft.com/Forums/en-US/winformssetup/thread/1217520d-6dc4-4fb1-83d1-0fa148d60e5d

    Thanks
    Saurabh

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by gongchengshi Wednesday, March 25, 2009 4:06 PM
    Wednesday, March 25, 2009 1:19 AM
  • You are right.  I am using the ClickOnce API to handle the updates.  I guess someone overlooked this when they went to fix the original issue.  I guess ClickOnce isn't going to work for us. Thanks Saurabh. 
    Wednesday, March 25, 2009 4:08 PM