In many cases, when the certificate you use to sign your ClickOnce deployment expires, your customers have to uninstall and reinstall the application. This is the problem discussed in my MSDN article on Certification Expiration in ClickOnce Deployment.
Part of that article discusses the use of a program called RenewCert to extend your signing certificate, and tells you why you might want to do that. The following GoldMail shows you how.
The basic command looks like this:
RenewCert oldpfxfile newpfxfile CN=newName password-to-old-pfx-file
Let’s say I have a certificate called NightbirdPFX.pfx that has expired. If I want to create a new version with the same public/private key pair, I would use this command:
RenewCert NightbirdPFX.pfx NightbirdPFX5Yrs.pfx CN=”Nightbird 5 Yrs” MYpassw0rd
Now I can replace the old certificate with the new and publish an update, and the users will be able to pick up the update without having to uninstall and reinstall the application.
As noted in the GoldMail above, if you have a vendor certificate, it does change it to a test certificate. So if you still want to have a trusted deployment, you have to purchase a new certificate.
The compiled version of RenewCert that I used to extend my vendor certificate can be downloaded here. This requires the C runtime libraries from Visual Studio 2005 in order to run, so I have included those in the zip file as well.
I’d like to thank Cliff Stanford for taking the C++ code from MSDN and enhancing it so it works for both test certificates and vendor certificates. If you’re interested, the code and compiled binary can be found here.
If you want to read the original article in MSDN and/or see Microsoft’s code, you can find it here.
[Edit 7/7/2011 Move zip file to Azure blob storage]