
MSBuild cannot sign a ClickOnce manifest using a temporary key (errors MSB3326 and MSB3321)


I am trying to build a ClickOnce Windows Forms project (.NET 3.5 / Visual Studio 2010) on a Windows Server computer, in an effort to automate the build process with Hudson CI.

For signing the ClickOnce manifest I created a temporary key in Visual Studio, temp.pfx. I can successfully build and deploy the project from Visual Studio on my workstation. But when running MSBuild on the server I get the following error messages:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Common.targets(1970,9): error MSB3326: Cannot import the following key file: . The key file may be password protected. To correct this, try to import the certificate again or import the certificate manually into the current user's personal certificate store. [C:.hudson\jobs[...].csproj]

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Common.targets(1970,9): error MSB3321: Importing key file "temp.pfx" was canceled. [C:.hudson\jobs[...].csproj]

I tried all of the following questions and answers without luck:


Update: I tried to open the solution in Visual Studio on the same server and build it. I get the same error. When I try to re-import the PFX file in the project properties' Signing tab, it tells me "invalid password". If I try to import the very same file in the very same solution in Visual Studio on my workstation and provide the very same password, it is accepted.

Update 2: If I take an old temporary key which I had generated with Visual Studio 2008, it can be successfully imported in the certificate store of our server; any temporary keys I newly create with Visual Studio 2010 cannot be imported.

Update 3: I was able to create a new "temporary key" in Visual Studio on the server and use it both on the server and on my workstation for signing the ClickOnce manifest. I just cannot come up with a reasonable explanation for it - both computers are 64-bit, and I am using Visual Studio 2010 on both. Both have the v3.5 and v4 (4.0.30319) .NET Framework installed. My workstation runs Windows 7 Professional, and the server runs Windows Server 2008 R2 Standard.


Solution

  • Copy the PFX file over to the machine you are doing the builds on. Double-click on it, and install it in the certificate manager on the machine. Be sure you are logged into the account used to do the builds.

    Other suggestions/questions: Do you have the right version of .NET installed on the machine? Do you have privileges to write to the certificate store on that machine?

    If you open the Visual Studio project, go to the project properties and try to create a new certificate, does it work? It should create a PFX file and add it to the project. And can you see it in the certificate store (menu Start/certmgr.msc)?
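
A scripted form of the check described in the answer above, as an added example that is not part of the original question or answer: it opens the PFX under the current account, confirms it carries a private key, and adds it to that account's personal store if it is missing. It assumes the key file is temp.pfx in the current directory and that the script is run as the account the build service uses; the parameter names are illustrative.

```powershell
# Added diagnostic example (not from the original post).
# Run it as the same account that executes the Hudson/MSBuild job.
param(
    [string]$PfxPath   = '.\temp.pfx',  # key file name taken from the question
    [string]$StoreName = 'My'           # "Personal" store of the current user
)

$ErrorActionPreference = 'Stop'
Write-Host ("Running as: " + [Security.Principal.WindowsIdentity]::GetCurrent().Name)

# Prompt for the password so it never appears on the command line or in job logs.
$securePwd = Read-Host -AsSecureString 'PFX password'

# UserKeySet + PersistKeySet: the private key is stored in this user's profile
# and survives after the certificate object is released. Exportable is left out
# on purpose so the key cannot be re-exported from the build machine.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'UserKeySet, PersistKeySet'

try {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        (Resolve-Path $PfxPath).Path, $securePwd, $flags)
} catch {
    # The file cannot be opened on this machine with this password,
    # which is the situation MSBuild reports as MSB3326.
    throw ("Cannot open PFX '" + $PfxPath + "': " + $_.Exception.Message)
}

if (-not $cert.HasPrivateKey) {
    throw 'The PFX contains no private key, so it cannot sign a manifest.'
}

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, 'CurrentUser')
$store.Open('ReadWrite')
try {
    # Look the certificate up by thumbprint; $false also matches self-signed test certificates.
    $found = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    if ($found.Count -eq 0) {
        $store.Add($cert)
        Write-Host ("Imported " + $cert.Thumbprint + " into CurrentUser\" + $StoreName)
    } else {
        Write-Host ("Already present: " + $cert.Thumbprint)
    }
} finally {
    $store.Close()
}
```

If the first line of output names a different account than the one the build job runs under, the certificate ends up in the wrong user's store and the build will still fail to find it.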