Obtaining a code-signing certificate

Article:HOWTO58561  |  Created: 2011-08-01  |  Updated: 2013-07-12  |  Article URL http://www.symantec.com/docs/HOWTO58561
Article Type
How To


Obtaining a code-signing certificate

One of the fundamentals of the ClickOnce design is that deployment packages must be secure and trusted. So, it is a requirement that all ClickOnce packages are signed using a suitable code-signing certificate. If you do not have one, you can make a self-signed certificate by running Microsoft's Certificate Creation Tool (Makecert.exe). This tool is available in recent versions of Visual Studio and the Windows SDK.

To make a self-signed certificate

  1. Open a Command Prompt window.

  2. Change to the folder in which you have installed Makecert.exe.

  3. Type the following command:

    makecert -a sha1 -b mm/dd/yyyy -e mm/dd/yyyy -eku oid -n "CN=certificate_name" -pe -r -ss store

    where the parameters are as follows:


    Specifies that you want to use SHA-1 as the signature algorithm.


    Specifies the date from which the certificate is valid.


    Specifies the date on which the certificate expires.


    Inserts one or more key usage object identifiers (OIDs) into the certificate to denote that the certificate is intended for code signing.


    Specifies the certificate name. This name must conform to the X.500 standard. The simplest method is to enclose the name in double quotation marks and precede it with CN=; for example, "CN=myName".


    Marks the generated private key as exportable so that you can include it in the certificate.


    Creates a self-signed certificate.


    Identifies the certificate store in which to store the output certificate. Enter My to store the certificate in your personal store.

    For more information on these options, see the following article on the Microsoft website:


    For example, the following command creates a self-signed certificate that "YourCompany Inc" has issued and that is valid until January 2036. The command imports the certificate directly into your personal certificate store:

    makecert -a sha1 -b 01/01/2000 -e 01/01/2036 -eku -n "CN=YourCompany Inc" -pe -r -ss My

See Using ClickOnce to deploy the Compliance Accelerator client

See Obtaining the SHA-1 thumbprint of the code-signing certificate

Legacy ID


Article URL http://www.symantec.com/docs/HOWTO58561

Terms of use for this information are found in Legal Notices