4

I have a ClickOnce application that has been deployed to many users that was signed with a certificate that was located on a previous developer's computer. The certificate has expired since that developer left the company. In order to re-publish the application from another machine we need to be able to find the original certificate and update it with an extension. I have access to the previous developer's computer, but I cannot locate the original .pfx file to copy and update the certificate. I also have access to all of the previously deployed files.

We attempted to deploy the application and received the error:

The deployment identity does not match the subscription.

My best guess is that it is, in fact, the different certificate causing this error based on an MSDN forum question and response, Deployment identity does not match the description. However, it is worth noting that we have both changed the machine from which the code is being deployed and also updated the solution to Visual Studio 2010 (the platform and configuration are the same though).

How do I retrieve the original certificate information from the previous developer's machine or the deploy files? Or are we possibly going down the wrong hole trying to resolve this?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
badpanda
  • 2,446
  • 5
  • 34
  • 45
  • We ended up resolving this by republishing to a different file share, as we needed to do that anyway, and sending out a link to all of the users to re-install. – badpanda Jan 28 '13 at 20:18

1 Answers1

3

If the physical access to the machine/user account is available, it should not be a problem to retrieve the certificate, provided it was not protected with a custom password at the time of import. The export wizard can be launched from Internet Explorer Options as shown on the picture. Look up the desired certificate in one of the tabs (typically, in Personal tab). Use PFX format to export both private and public keys.

enter image description here

Another way to access the Export wizard is through the MMC snap-in.

[UPDATE] For the answer's completeness sake, it is impossible to retrieve the private key from a signed deployment file as it only contain the public part of the encryption key. Perhaps, in the OP's case the private key is still there, buried somewhere in the file system of the development machine (as .PVK file), although it'd be a bad practice to store it like that. More details about certificate file types can be found here. I would rather expect both private and public keys to be found in the machine's certificate store, as described above.

Community
  • 1
  • 1
noseratio
  • 59,932
  • 34
  • 208
  • 486