Main problems overcome by clickonce deployment (list signature. pfx digital certificate, no response after "installation)

 

1,Solution to the Problem of no response after clickonce client deployment is "installed:

The clickonce deployment method is the dfshim supported by this file on the client. DLL .. in. when installing the. NET 2.0 Framework. application file type associated... the browser is downloading. after the application file, the dfshim. when the DLL is opened by dfsvc.exe, we will see the installation interface of clickonce .....

Therefore, if the "installation" of the client does not respond, you can use the right-click and save as function to download it. application file, and then select. right-click the application file and select dfsvc.exe to open the file to install the client ....

 

2,Create a. pfx Digital Certificate signed for the clickonce list

Automatically created using vs2005. pfx digital certificates are only valid for one year by default, and both the "issuer" and "issued to" are combinations of the current machine name and current Login User name. In fact, we can create more friendly. pfx digital certificate.

Follow these steps to open the SDK Command Prompt for Microsoft. NET Framework:

1. Create a self-Signed X.509 Certificate (. CER) and A. PVK private key file and use the makecert tool. The command is as follows:

Makecert-r-n "cn = cncxz"-B 01/01/2005-e 01/01/2018-SV myselfname. PVK myselfname. Cer

Set the private key password as prompted (or do not use the password) to generate related files in the current directory.

(Annotation: CN (owner name), myselfname. PVK is the name of the signed file)

2. Use X.509 Certificate (. CER) to create a issuer certificate (. SPC) and use the cert2spc tool. The command is as follows:

Cert2spc myselfname. Cer myselfname. SPC

3. Convert from. PVK and. SPC to. pfx. The pvkimprt tool is used. The command is as follows:/files/fooo/pvkimprt.rar

Pvkimprt-pfx myselfname. SPC myselfname. PVK

(Download and decompress pvkimprt to this directory: D: \ Program Files \ Microsoft Visual Studio 8 \ Vc. Otherwise, an access request is rejected, that is, the certificate path is incorrect. Note,The certificate is also in this directory when it is created.)

Follow the prompts to export the. pfx certificate. If the private key password is set in step 2, enter verification here.

4. Click "select from file" in the certificate settings of the clickonce list signature of the vs project to browse and find the certificate exported in step 1. pfx certificate. Verify the private key password of the certificate set in step 1.

========================================================== ==========
The makecert tool and cert2spc tool. NET Framework come with the following pvkimprt tool:
Http://download.microsoft.com/download/vba50/Utility/1.0/NT5/EN-US/pvkimprt.exe

 

 

3,Clickonce Signature

Scenario: A project used in the production environment performs system upgrade. When the clickonce release process finds that the signature has expired, the on-site engineer generates a new signature and then releases the product. After the release is completed, all clients cannot be updated and a signature error is prompted.
Problem: the annual signature of vs2005 is only valid for one year, so it is easy to expire during the maintenance period. If the new signature result is made, the client cannot update the verification signature.

Solution:
1. Create a new signature and use the new signature as clickonce.ProgramDelete and re-use the new clickonce installer for installation.
(This method is so shameful. If you have another upgrade, you may have this problem. At the same time, clickonce must be renamed as clickoneyear ).

2. extend the validity period by using the original signature.
Http://support.microsoft.com/kb/925521/zh-cn
Http://support.microsoft.com/kb/925521/en-us

Some of you have found this problem and know the solution. However, if VC ++ is not installed on the machine, it may be inconvenient to perform the operation. Now, you can download the package:
Http://files.cnblogs.com/spymaster/RenewCert.rar
Usage: in the Command window, enter
Renewcert <oldcertificate>. pfx <newcertificate>. pfx "cn = <newcertificatename>" "<password>
Okay. The new signature is valid for five years.

3. Make a long-term signature at the beginning of the project.
Http://www.cnblogs.com/cncxz/archive/2007/03/15/675937.html