How to sign the XBAP with your own certificate
I am writing a series of posts about WPF Browser Application, XBAP and configuration tips. I’m going to host this application in IIS 5.1 and I developed them in .Net 3.5. The reason I have chosen IIS5.1 and .Net 3.5 is because of challenges I had in one of my recent projects. Configuring this type of projects is different in other versions of IIS and .Net frameworks and they are not is subject of this post series.
- How to create a simple Browser Enables WPF application
- How to host a windows form application inside XBAP
- How to sign the XBAP with your own certificate
Before starting I think its better to have same understanding of file extension that we are going to talk about.
.cer file: Apublic key which is given by Certificate Authority
.pvk file: This file is your private key and should keep it confidential
.pfx file: This is a Personal Information Exchange file and again you should keep it confidential because it contains
We have created a simple WPF Browser application and a simple windows application which is hosted inside the XBAP application. When we created WPF application Visual Studio automatically create a .pfx (Which is used for signing ClickOnce manifest).
To create your own certificate you need to follow these steps:
Step 1: Creating your key pairs (Public and Private)
open Visual Studio Command Prompt (2010) and then goto your application path and type following command
makecert -n "CN=Your Company Name" -r -sv Key.pvk Key.cer
A password dialog box will be displayed and you set your own password. This command creates two files one private key and one certificate.
Step2: Then you need to create PFX file which is used for signing ClickOnce manifest and contains both private and public key.
pvk2pfx.exe -pvk Key.pvk -spc Key.cer -pfx KeyPFX.pfx -po [password]
Put your own password as [password] and this command will create a PFX file
Step 3: Back to the solution explorer delete “SimpleBrowserApplication_TemporaryKey.pfx” and goto Application property page and select signing tab. Click on “Select from file” and select the PFX file you have just created.
Step 4: Just like before publish it to you server.
Step 5: Give certificate to the client and register the certificate on the client machine. To do this double-clicking on .cer file. You will see following window. Click on Install Certificate button.
Follow installation wizard and click Next on the first window.
In this window select “Place all certificates in the following store” and then select “Browse…” button.
In this window select “Trusted Publishers” and then click Ok. Select “Next” previous windows and then select finish.
Step 6: Redo the step 5 but this time select “Trusted Root Certification Authorities” as the certificate store.
Now you have enabled your client to accept this XBAP application as full-trust application.
Hi,
I tried everything you have shown here but it is not working. I can run my .xbap file or the .html file that linked with .xbap on my localhost but it is not working when I host the file.
Chinthu Shamsu
June 27, 2011 at 11:22 am
Hi Chinthu,
Have you read the other two post? What error do you get?
Ahmadreza Atighechi
June 27, 2011 at 6:37 pm
Hi,
Sorry about the above comments, you can download my error message from
http://www.4shared.com/get/LcW-ScnH/Error.html
Chinthu Shamsu
June 28, 2011 at 10:14 am
Did you register certificate on client exploring this xbap?
Ahmadreza Atighechi
July 7, 2011 at 10:15 pm
at third step when i have select the .pfx file in visual studio then enter password it shown incorrect password but i have enter the correct password
vrushali katkade
August 6, 2011 at 2:40 pm