Good morning stullhe104
You had an accurate spot that a Certificate Authorities(CA) is only valid
for 12 months by default. Typically, certificate expiration would mean that
we need to re-sign the ClickOnce application every 12 months. However,
authenticode mitigates the need for this with support for time-stamping:
http://msdn.microsoft.com/en-us/library/bb931395(VS.85).aspx
The Timestamp Server URL feature allows you to supply a service that will
time stamp your manifest during the publishing process. When you sign a
ClickOnce deployment using a certificate, ClickOnce records the date and
time of the signing and embeds it in the deployment's digital signature. So
long as the deployment was signed when the certificate was still valid,
ClickOnce will allow the application to run even if the certificate has
since expired.
As for the time stamp service, Verisign, Inc. is an example of a CA that
provides this kind of service. You may use the following Timestamp server
URL:
http://timestamp.verisign.com/scripts/timstamp.dll
Alternatively, you may create a command-line assembly that updates the
certificate. A KB article has the provided sample code:
http://support.microsoft.com/kb/925521
It addresses how to renew a certificate created by ourselves.
In addition to that, I found some useful resources for you to look at
whenever you find free time. You might have come across these before but it
is just for your reference.
Managing ClickOnce publisher certificate files
http://www.softinsight.com/bnoyes/PermaLink.aspx?guid=78d107d1-3937-4d8d-81d
9-73cb6ae18eee
Signing your clickonce application with a certificate created by your own
CA root
http://bloggingabout.net/blogs/waseem/archive/2007/04/12/signing-your-clicko
nce-application-with-a-certificate-created-by-your-own-ca-root.aspx
ClickOnce Deployment and Authenticode
http://msdn.microsoft.com/en-us/library/ms172240(VS.80).aspx
Please DON'T hesitate to tell me if you have any other questions or
concerns.
Regards,
Jialiang Ge (
[email protected], remove 'online.')
Microsoft Online Community Support
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
