{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 做个烂人 的问题《Cannot import the keyfile 'blah.pfx' - err》','https://www.manongdao.com/q-1165944.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
We just upgraded our Visual Studio 2008 projects to Visual Studio 2010. All of our assemblies were strong signed using a Verisign code signing certificate. Since the upgrade we continuously get the following error:
Cannot import the following key file: companyname.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_3E185446540E7F7A
This happens on some developer machines and not others. Some methods used to fix this that worked some of the time include:
- Re-installing the key file from Windows Explorer (right click on the PFX file and click Install)
- Installing Visual Studio 2010 on a fresh machine for the first time prompts you for the password the first time you open the project, and then it works. On machines upgraded from Visual Studio 2008, you don't get this option.
I've tried using the SN.EXE utility (Strong Name Tool) to register the key with the Strong Name CSP as the error message suggests, but whenever I run the tool with any options using the version that came with Visual Studio 2010, SN.EXE just lists its command line arguments instead of doing anything. This happens regardless of what arguments I supply.
Why is this happening, and what are clear steps to fix it? I'm about to give up on ClickOnce installs and Microsoft code signing.
I had the same problem after moving my Windows installation to an SSD. None of the other solutions worked for me.
My solution was to open the project file in Notepad and remove all references to PFX keys. Once the file is saved, open the solution in Visual Studio. Go to project -> Properties -> Signing. You shouldn't see any keys listed in the 'choose the strong name key file' combo box. In the combo box, browse to the key, select it and your project can now be built.
In my scenario the build service was not using the same user account that I imported the key with using
sn.exe.After changing the account to my administrator account, everything is working just fine.
To resolve this problem in Visual Studio 2012, I right click the project, properties -> "signing", and then uncheck the "Sign the ClickOnce manifests".
Reselecting key file in a combobox and entering password helps on this for us.
But it is needed to do each time the key file changes and it seems to be not OK.
I got the same error. In my case, I tried all of the above, but I couldn't get the result.
I finally realized that in my case, the reason for the error was that the certificate password was not entered or entered incorrectly. The error disappeared when I entered the password dynamically correctly. successful
After trying all these solutions (and a lot more), I found that the problem lies somewhere else. For people that go through the same misery as me after buying a certificate, I'll share the solution for my problem.
Behavior
I understand that 'sign' applies a strong name and not an authenticode to a DLL or EXE. This is why signtool will work in this case, but 'sign' in Visual studio will not work.
Reason
In the past I've had experience with certificates from Verisign. They have a
KeySpec=2in the certificate - which is used with the 'sign' functionality in Visual Studio. These certificates work fine for both Visual Studio and signtool.I now bought certificates from Comodo, which have an incorrect
KeySpec=1in the code signing certificates. That means these certificates work fine with signtool (authenticode) but not with strong naming (the sign drop-down).Solution
There are two ways to solve this issue:
sn -k [name].snk. Sign the assembly using the snk and afterwards use signtool with your code signing certificate to do sign the DLL/EXE with the authenticode signature. While this seems strange, from what I understand this is a correct way to deal with certificates, because strong names have a different purpose than authenticode (see also this link for details on how this works).KeySpec=2. The procedure for this is detailed here.Because I want to use multiple strong names, I currently use option (1), although option (2) also works.
To ensure this solution will never get lost in the future, here's the procedure of solution 2:
KeySpec=1) to a PFX file. Note: Please backup this file to a safe location and test if the file can be imported ok on another machine if you really want to play it safe!certutil -importPFX -user <pfxfilename> AT_SIGNATUREYou now should have a keyset/certificate with
KeySpec=2. If needed you can now export this into another PFX file using the MMC again.