3

I need to get hold of a new ClickOnce Certificate because my temporary one has expired. My applications are only used internally so I'd like to get a certificate from our Domain Controller so installation does not have a security prompt (and doesn't expire a quickly)

There are a number of Questions that come close to my issue: Signing ClickOnce with a certificate? (Very close) Visual Studio ClickOnce deployment - certificate expiration How can I renew my expired ClickOnce certificate?

Community
  • 1
  • 1
Jan Bannister
  • 4,859
  • 8
  • 38
  • 45
  • just trying to clarify. your self-cert ran out and you don't want to pay for a third-party cert? are you your own CA? – codeConcussion Jul 13 '09 at 18:16
  • No I'm not a certificate authority. But my applications will only every be used within my Windows Domain. I remember being told (a long time ago now) that a Domain Controller is considered a Trusted Root so if it 'signs' the cert your application will be considered verified. – Jan Bannister Jul 14 '09 at 10:33

1 Answers1

4

If your Domain Controller is already trusted, it seems very natural to simply start up Certificate Services on that DC and turn it into a CA. Once you get that set up, you will be able to request Code Signing certificates from the developer PCs through the Certificates Snap-in (MMC). The certificates will be in the name of the developer but we like that where I work because it conveys accountability.

BTW, we are running that exact same configuration at my company and it works like a charm.

James Jones
  • 8,653
  • 6
  • 34
  • 46