“Unable to find manifest signing certificate in the certificate store” - even when add new key

Question

I cannot build projects with a strong name key signing - the message in the title always comes up.

Yes the project was initially copied over from another machine. However even if I add a new key via the Signing tab in Project Properties, this error is still shown.

I have tried running Visual Studio as an Administrator and have tried manually adding the keys to Windows Certificate Store.

Help!

Edit: I don't get this error with a new project, but I'd quite like to get this existing project working. It won't work even if I create a new certificate!

What type of VS project? Have you unchecked the "Sign the ClickOnce manifests" on the Project Properties Signing Tab as well? — Simon Mourier, Aug 20 '12 at 17:21
@Simon Mourier, if I uncheck that option then the file won't be signed. I want it to be signed! It's a C# project. Works fine on my main development machine, just not on the laptop. — Marcus, Aug 23 '12 at 21:53
Is the error message displayed in your build log, or in some other way? It may help if you copy and paste the log. — Owen Wengerd, Aug 25 '12 at 14:35
An error in the build log: “Unable to find manifest signing certificate in the certificate store” — Marcus, Aug 25 '12 at 14:52
I didn't see the lines of code in the accepted answer. But this worked for me: I created a new key in VS2015. I unclicked Sign the Assembly and saved. Then I clicked the Select from File button,chose the file I'd just created, clicked again on Sign the assembly, and saved. Rebuilt. — Tim, Aug 22 '17 at 19:03

score 369 · Accepted Answer · edited Dec 30 '21 at 12:14

369

I've finally found the solution.

Edit the .csproj file for the project in question.

Delete the following lines of code:

<PropertyGroup>
   <ManifestCertificateThumbprint>...........</ManifestCertificateThumbprint>
</PropertyGroup>
<PropertyGroup>
   <ManifestKeyFile>xxxxxxxx.pfx</ManifestKeyFile>
</PropertyGroup>
<PropertyGroup>
   <GenerateManifests>true</GenerateManifests>
</PropertyGroup>
<PropertyGroup>
   <SignManifests>false</SignManifests>
</PropertyGroup>

edited Dec 30 '21 at 12:14

Halo

1,730
1
8
31

answered Aug 26 '12 at 12:27

Marcus

9,011
10
45
65

1

Worked for me too. Any caveats of such action? – Doctor Coder Jan 16 '19 at 17:36
1

Yup, deleted anything with "Manifest" and it worked :-) – s1cart3r Jun 18 '19 at 20:40
16

I wouldn't do this without knowing the repercussions... *does it anyway* – barnacle.m Jun 27 '19 at 12:42
In my case, Deleting `ManifestCertificateThumbprint` and `ManifestKeyFile` solve the problem. – Ahmed Shamel Dec 19 '19 at 11:12
@Parrotmaster were there any long term repercussions in the long term for your project? – TOTM Nov 06 '20 at 19:40
@SteveJoppich Haven't noticed any yet. I have since moved to a different company so I'll never know. – Parrotmaster Nov 08 '20 at 18:17
(vs2019 v16.11.24) in works. thanks for info – Uğur Demirel Feb 26 '23 at 18:29
Excellent, worked very well for me in VS2022 – ranobe Aug 23 '23 at 16:13

ADL · Answer 2 · 2017-04-20T18:15:46.170

216

Go to your project's "Properties" within visual studio. Then go to signing tab.

Then make sure Sign the Click Once manifests is turned off.

Updated Instructions:

Within your Solution Explorer:

right click on your project
click on properties
usually on the left-hand side, select the "Signing" tab
check off the Sign the ClickOnce manifests
Make sure you save!

edited Apr 20 '17 at 18:15

answered Mar 02 '15 at 13:17

ADL

2,707
1
16
23

2

What you said is fine and should work but didn't. In the end I had to delete the lines of code as mentioned in the answer below – Hamid Shahid Oct 29 '15 at 10:14
1

What does this do/what does this action mean? – LazerSharks Feb 26 '16 at 22:33
@TrailMix It will modify you config file appropriately. – ADL Oct 04 '16 at 22:30
1

this gave me a solution for vs2010 :) up ! – jace Nov 22 '16 at 05:45
1

Nice answer! I am using VS2012 and it really works! +1 – kiLLua Jan 26 '18 at 00:59
@HamidShahid It did not work for you because you need to make the change and then save. Cheers. – ADL Feb 05 '18 at 23:04
Worked great in VS2010 – Cory Baumer May 26 '18 at 05:35
This worked on a project that I had originally developed in VS 2017 and we moved to VS 2019. Thanks! – Frank Silano Oct 05 '20 at 13:26

score 21 · Answer 3 · edited Apr 29 '18 at 10:24

21

It's simple!!

I resolved this problem by following this steps:

Open project properties
Click on Signing Tab
And uncheck "Sign the assembly"

That's it!!

edited Apr 29 '18 at 10:24

Brino

2,442
1
21
36

answered Apr 29 '18 at 03:37

Amit Kadam

589
6
7

2

This may prevent publishing (if we care) but now it runs. – gbarry Mar 16 '22 at 19:17

score 15 · Answer 4 · edited Apr 10 '22 at 09:13

15

Try this:

Right click on your project → Go to properties → Click signing which is left side of the screen → Uncheck the Sign the click once manifests → Save & Build

edited Apr 10 '22 at 09:13

Uwe Keim

39,551
56
175
291

answered Nov 28 '16 at 08:53

xoxo

1,248
14
19

In additional, SignManifest value can be set to false in the .csproj file of the relevant project – Jesse Nov 08 '22 at 13:07

score 13 · Answer 5 · edited Nov 28 '15 at 06:38

13

Open the .csproj file in Notepad.

Delete the following information related to signing certificate in the certificate store

<PropertyGroup>
  <ManifestCertificateThumbprint>xxxxx xxxxxx</ManifestCertificateThumbprint>
  <ManifestKeyFile>xxxxxxxx.pfx</ManifestKeyFile>
<GenerateManifests>true</GenerateManifests>
<SignManifests>false</SignManifests>
</PropertyGroup>

edited Nov 28 '15 at 06:38

Ghasem

14,455
21
138
171

answered Aug 13 '14 at 12:51

Rajamohan Rajendran

369
1
3
13

score 6 · Answer 6 · answered May 05 '16 at 15:50

Go to your projects "Properties" within visual studio. Then go to signing tab.

Then make sure Sign the Click Once manifests is turned off.

OR

1.Open the .csproj file in Notepad.

2.Delete the following information related to signing certificate in the certificate store xxxxx xxxxxx xxxxxxxx.pfx true false `

Worked for me.

score 4 · Answer 7 · answered Oct 27 '14 at 17:52

Assuming this is a personal certificate created by windows on the system you copied your project from, you can use the certificate manager on the system where the project is now and import the certificate. Start the certificate manager (certmgr) and select the personal certificates then right click below the list of existing certificates and select import from the tasks. Use the browse to find the .pfx in the project (the .pfx from the previous system that you copied over with the project). It should be in the sub-directory with the same name as the project directory. I am familiar with C# and VS, so if that is not your environment maybe the .pfx will be elsewhere or maybe this suggestion does not apply. After the import you should get a status message. If you succeeded, the compile certificate error should be gone. certmgr screen

score 0 · Answer 8 · edited Nov 28 '15 at 06:38

0

To sign an assembly with a strong name using attributes

Open AssemblyInfo.cs (in $(SolutionDir)\Properties)

the AssemblyKeyFileAttribute or the AssemblyKeyNameAttribute, specifying the name of the file or container that contains the key pair to use when signing the assembly with a strong name.

add the following code:

[assembly:AssemblyKeyFileAttribute("keyfile.snk")]

edited Nov 28 '15 at 06:38

Ghasem

14,455
21
138
171

answered Aug 19 '12 at 17:23

QuangNHb

304
2
9

Adding this line doesn't make a difference, I still get the same error. – Marcus Aug 24 '12 at 14:41

score 0 · Answer 9 · answered Aug 23 '12 at 21:10

0

It is not enough to manually add keys to the Windows certificate store. The certificate only contains the signed public key. You must also import the private key that is associated with the public key in the certificate. A .pfx file contains both public and private keys in a single file. That is what you need to import.

answered Aug 23 '12 at 21:10

Owen Wengerd

1,628
1
11
11

Thanks but already tried that. Visual Studio should automatically add the certificate when you create a new one anyway. However I have tried adding the .pfx file manually too. Left windows to install it in the correct certificate store and also added it to my personal store. – Marcus Aug 23 '12 at 21:52
The private key is not stored in the certificate store. Please read this, maybe it will help you understand the distinction: http://technet.microsoft.com/en-us/library/cc962112.aspx – Owen Wengerd Aug 24 '12 at 03:07
1

I should add that you can verify that the associated private key is available by opening the certificate property window in certificate manager. If the private key is available, the following text is displayed at the bottom of the General page: "You have a private key that corresponds to this certificate". If you do not see that text, the private key is not installed. – Owen Wengerd Aug 24 '12 at 03:14
Yes it does say "You have a private key that corresponds to this certificate". – Marcus Aug 24 '12 at 14:23
I think that rules out the key or the certificate as the problem. – Owen Wengerd Aug 24 '12 at 15:30

score 0 · Answer 10 · answered Aug 24 '12 at 15:39

0

You said you copied files from another computer. After you copied them, did you 'Unblock' them? Specifically the .snk file should be checked to make sure it is not marked as unsafe.

answered Aug 24 '12 at 15:39

Owen Wengerd

1,628
1
11
11

It's not blocked, it came over from Windows Live Mesh syncing software. However it's irrelevant since even creating a new key inside Visual Studio on the laptop won't work. – Marcus Aug 25 '12 at 12:56

score 0 · Answer 11 · answered Jul 03 '18 at 22:58

If you need just build the project or solution locally then removing the signing might be a dead simple solution as others suggest.

But if you have this error on your automation build server like TeamCity where you build your actual release pieces for deployment or distribution you might want to consider how you can get this cert properly installed to the cert store on the build machine, so that you get a signed packages at the end of the build.

Generally it is not recommenced to check-in/commit any PFX certificates into source control, so how you get this files on your build server during the build process is a bit another question, but sometimes people do have this file stored along with the solution code, so you can find it in the project folder.

All you need to do is just install this certificate under proper account on your build server.

Download PsExec from Windows Sysinternals.
Open a command prompt, and enter the following. It will spawn a new command prompt, running as Local System (assuming that your TeamCity is running under the default Local System account):

> psexec.exe -i -s cmd.exe
In this new command prompt, change to the directory containing the certificate and enter the filename to install (change the name of the file to yours):

> mykey.pfx
The Import Certificate wizard will start up. Click through and select all the suggested defaults.
Run the build.

All credits goes to Stuart Noble (and then further to Laurent Kempé I believe ☺).

score 0 · Answer 12 · edited Aug 17 '21 at 20:15

0

Just ran into this (again), due to PFX cert not being included in the code, for security.

For local testing, like Debug builds, the lead programmer of this solution had me go into Properties, Signing, click on "Create Test Certificate". In our setting he said just click ok, but one can put in a strong password here if warranted/needed.

edited Aug 17 '21 at 20:15

Dharman

30,962
25
85
135

answered Aug 17 '21 at 20:10

DigDug

25
8

“Unable to find manifest signing certificate in the certificate store” - even when add new key

12 Answers12

Linked