
First, I know there are a lot of posts about ClickOnce test certificate renewal on OF, but this is not the core of the question.

I have an internal ClickOnce app signed with a Test Certificate that expired. We now need to deploy a new version, but we don't want to force everyone to reinstall our app and risk them losing personal settings.

I tried using OceanAirdrop's ExtendClickOnceCertificate (a derivative from the original MS RenewCert application) but I always end up with a SHA1 certificate while the original one is SHA256. How can I get it (or any other renewal tool) to really make an extended clone of the original?

(The basic renewal problem was already discussed here. This question is about the renewal of a SHA256 certificate)

bkqc

1 Answer


I solved this issue by downloading ExtendClickOnceCertificate and then:

I made some changes in the Crypt.cs file to solve this issue.

First add these two structs:

// CRYPT_ALGORITHM_IDENTIFIER as declared in wincrypt.h: an ANSI OID string plus a
// (here empty) parameters blob. CertCreateSelfSignCertificate uses it to pick the
// signature hash; passing NULL makes CryptoAPI default to sha1RSA.
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_ALGORITHM_IDENTIFIER
{
    [MarshalAs(UnmanagedType.LPStr)]
    public string pszObjId;          // e.g. "1.2.840.113549.1.1.11" for sha256RSA
    public CRYPTOAPI_BLOB parameters;
}

// Generic CryptoAPI blob (DWORD cbData, BYTE* pbData).
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct CRYPTOAPI_BLOB
{
    public uint cbData;
    public IntPtr pbData;
}

Then, modify the CertCreateSelfSignCertificate function like this:

// pSignatureAlgorithm is now a real struct passed by ref instead of IntPtr.Zero,
// so the signature hash can be chosen.
[DllImport("Crypt32.dll", SetLastError = true, ExactSpelling = true)]
internal static extern IntPtr CertCreateSelfSignCertificate(
    IntPtr providerHandle,                               // hCryptProvOrNCryptKey
    ref CRYPT_DATA_BLOB subjectIssuerBlob,               // pSubjectIssuerBlob
    int flags,                                           // dwFlags
    IntPtr pinfo,                                        // pKeyProvInfo
    ref CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,  // NULL here would mean sha1RSA
    Native.SYSTEMTIME pStartTime,
    Native.SYSTEMTIME pEndTime,
    IntPtr extensions);                                  // pExtensions

In Program.cs, before calling CertCreateSelfSignCertificate, add this:

// sha256RSA (the sha1RSA OID would be 1.2.840.113549.1.1.5); parameters stays an empty blob.
Crypt.CRYPT_ALGORITHM_IDENTIFIER signatureAlgorithm = new Crypt.CRYPT_ALGORITHM_IDENTIFIER {
    pszObjId = "1.2.840.113549.1.1.11"
};

Finally, change the call to the CertCreateSelfSignCertificate to look like this:

hCertContext = Crypt.CertCreateSelfSignCertificate(hCPContext, ref certNameBlob, 0, Info, ref signatureAlgorithm, null, certExpireDate, IntPtr.Zero);

And that is all. Compile the solution and run the command. This worked for me.

Antolin11
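As an added check that is not part of the answer above or of the ExtendClickOnceCertificate tool: after running the patched tool, the renewed certificate is only useful if it is a genuine clone of the expired one, i.e. same subject and the same key pair (ClickOnce derives the deployment's public key token from that key, so a different key is a different application identity and existing installs will not update in place), plus a sha256RSA signature and a later expiry. The console program below loads both PFX files and reports each of those properties; file names and the password are placeholders, and nothing in it makes the test certificate trusted on any machine.

```csharp
// Added example (not from the original post): verify that new.pfx is a SHA-256
// clone of old.pfx as produced by the patched ExtendClickOnceCertificate.
// Usage: RenewedCertCheck old.pfx new.pfx [pfx-password]
using System;
using System.Security.Cryptography.X509Certificates;

static class RenewedCertCheck
{
    // OID set in pSignatureAlgorithm in the answer above (sha256RSA).
    const string Sha256Rsa = "1.2.840.113549.1.1.11";
    // OID CryptoAPI uses when pSignatureAlgorithm is NULL (sha1RSA).
    const string Sha1Rsa = "1.2.840.113549.1.1.5";

    static int Main(string[] args)
    {
        if (args.Length < 2)
        {
            Console.Error.WriteLine("usage: RenewedCertCheck <old.pfx> <new.pfx> [password]");
            return 2;
        }
        string password = args.Length > 2 ? args[2] : string.Empty;

        using (var oldCert = new X509Certificate2(args[0], password))
        using (var newCert = new X509Certificate2(args[1], password))
        {
            bool ok = true;

            // 1. Signature algorithm: the property the question is about.
            string sigOid = newCert.SignatureAlgorithm.Value;
            if (sigOid == Sha256Rsa)
            {
                Console.WriteLine("ok   signature algorithm: {0}", newCert.SignatureAlgorithm.FriendlyName);
            }
            else
            {
                string hint = sigOid == Sha1Rsa
                    ? " (sha1RSA: pSignatureAlgorithm was not applied)"
                    : string.Empty;
                Console.WriteLine("FAIL signature algorithm: {0} {1}{2}",
                    sigOid, newCert.SignatureAlgorithm.FriendlyName, hint);
                ok = false;
            }

            // 2. Same subject and issuer: the tool reuses the old name blob (self-signed).
            if (newCert.Subject == oldCert.Subject && newCert.Issuer == oldCert.Issuer)
            {
                Console.WriteLine("ok   subject/issuer unchanged: {0}", newCert.Subject);
            }
            else
            {
                Console.WriteLine("FAIL subject/issuer changed: {0} / {1}", newCert.Subject, newCert.Issuer);
                ok = false;
            }

            // 3. Same key pair: a different public key gives a different ClickOnce
            //    publisher identity, which is exactly what forces a reinstall.
            if (newCert.GetPublicKeyString() == oldCert.GetPublicKeyString())
            {
                Console.WriteLine("ok   public key unchanged");
            }
            else
            {
                Console.WriteLine("FAIL public key differs from the original certificate");
                ok = false;
            }

            // 4. The private key must be present to sign the new deployment manifests.
            if (!newCert.HasPrivateKey)
            {
                Console.WriteLine("FAIL new.pfx carries no private key");
                ok = false;
            }

            // 5. Validity really extended (NotAfter is reported in local time).
            if (newCert.NotAfter > oldCert.NotAfter && newCert.NotAfter > DateTime.Now)
            {
                Console.WriteLine("ok   expires {0:u} (old: {1:u})", newCert.NotAfter, oldCert.NotAfter);
            }
            else
            {
                Console.WriteLine("FAIL expiry not extended: new {0:u}, old {1:u}", newCert.NotAfter, oldCert.NotAfter);
                ok = false;
            }

            Console.WriteLine(ok ? "RESULT: renewed certificate is a usable SHA-256 clone"
                                 : "RESULT: renewed certificate is NOT a usable clone");
            return ok ? 0 : 1;
        }
    }
}
```

If step 1 reports sha1RSA, the struct was not marshalled into the call (for example the old IntPtr.Zero overload is still being invoked); if step 3 fails, the tool generated a fresh key instead of reusing the container from the original PFX, and the resulting deployment will be treated as a different application no matter which hash it is signed with.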