I recently purchased a code signing certificate from GoDaddy. After a great deal of trouble getting the certificate fully downloaded and installed (more about that later), I then tried to sign the assemblies for an application I had just completed. To my surprise, I received an error: “Error Importing Key. Object already exists.”
After all of the trouble I encountered getting the certificate, I was sure I had the right PFX file, with the private key embedded. I had chosen that certificate in the signing tab in the assemblies properties correctly. I was also very sure that I supplied the right password for the private key. Unfortunately, despite my best efforts, I kept getting the same error.
Thanks to the magic of search with Google, I found loads of articles and discussion groups where users were having similar troubles with the built-in VS signing. Lots of different solutions were provided. Unfortunately, none of the approaches worked. One particular discussion within the forums on MSDN gave a good, though long, summary of all of the ways some developers have tried to fix the code signing problem in Visual Studio 2008. If you have the patience to review the source material, you’ll find that most blogs or discussions revolve around the same sorts of options; again, none worked for me.
However, I then came across a blog article by John Robbins on code signing. John gave useful details about a lot of aspects of his challenges, but he also mentioned something I hadn’t seen before: using the sign tool from the Windows SDK to sign the compiled assemblies. That worked for me [NOTE: I’m developing on Windows 7; if you’re using a different version of Windows, you’ll need to download the right version of the SDK for your environment].
While I’m not much for loads of steps and external utilities, John also gave a simple post-build macro you can have VS run. Based on this blog, this is what is in my post-build for signing the compiled assembly:
"C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool.exe" sign /f [CERTIFICATE PATH] /p [PASSWORD] /t http://tsa.starfieldtech.com "$(TargetPath)"
The [CERTIFICATE PATH] sequence should be replaced with the path where you stored the certificate locally (the PFX file). The [PASSWORD] sequence should be replaced with your private key password (not the key itself, but the password you used to secure the key). The rest of the post build event is pretty generic, except the URL parameter for the timestamp server (the stuff that follows /t). That particular URL is GoDaddy’s timestamp server. If you’re using a different CA, you should use the server they provide.
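The post-build event above stores the PFX password in plain text inside the project file. The script below is an added example, not part of the original post or of John Robbins's article: it runs the same signtool command but takes the certificate path and password from environment variables, then checks the resulting signature and timestamp so a failed signing breaks the build. The script name and the variable names CODESIGN_PFX_PATH and CODESIGN_PFX_PASSWORD are assumptions chosen for illustration.

```powershell
# sign-assembly.ps1 (added example; file name and env var names are hypothetical)
# Post-build event: powershell -NoProfile -File "$(ProjectDir)sign-assembly.ps1" "$(TargetPath)"
param(
    [Parameter(Mandatory = $true)]
    [string]$TargetPath
)

# signtool location and timestamp server are the ones used in the post.
$signtool     = 'C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\signtool.exe'
$timestampUrl = 'http://tsa.starfieldtech.com'

# Secrets come from the build machine's environment, not from the project file.
$pfxPath  = $env:CODESIGN_PFX_PATH
$password = $env:CODESIGN_PFX_PASSWORD

# Fail early with a clear message if any required file is missing.
foreach ($path in @($signtool, $TargetPath, $pfxPath)) {
    if ([string]::IsNullOrEmpty($path) -or
        -not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Error "Required file not found: '$path'"
        exit 1
    }
}
if ([string]::IsNullOrEmpty($password)) {
    Write-Error 'CODESIGN_PFX_PASSWORD is not set'
    exit 1
}

# Same command as the original post-build event. The password is still passed
# on signtool's command line, so it is visible while the process runs.
& $signtool sign /f $pfxPath /p $password /t $timestampUrl $TargetPath
if ($LASTEXITCODE -ne 0) {
    Write-Error "signtool sign failed with exit code $LASTEXITCODE"
    exit $LASTEXITCODE
}

# Confirm that Windows accepts the signature and that a timestamp was applied.
$sig = Get-AuthenticodeSignature -FilePath $TargetPath
if ($sig.Status -ne 'Valid') {
    Write-Error "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    exit 1
}
if ($null -eq $sig.TimeStamperCertificate) {
    Write-Error 'Signature has no timestamp; it will stop validating when the certificate expires'
    exit 1
}
Write-Host "Signed by $($sig.SignerCertificate.Subject)"
```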
I hope this helps others struggling with the same issue. If anyone has solved the problem of getting VS to handle signing through the properties dialog, I’d love to hear it.