Cannot import the following key file error when importing pfx

Question

I researched this question thoroughly on stackoverflow and I have seen numerous answers but none of them have worked for us yet. We recently bought a code signing certificate from comodo that we are going to use to sign our c# WPF .net4 application.
We have followed the instructions on the following URL

and have then imported the certificate in visual studio under 'project properties->singing->sign the assembly'. We then try to build the project and get the following error:

Cannot import the following key file: comodo.pfx. The key file may be password protected. To correct this, try to import the certificate again manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_xxxxxxxxxxxxxxx.

We have found numerous solutions on the internet and have tried the following:

• Click on Change Password and use the same password in all 3 places
• sn -i [comodo].pfx VS_KEY_xxxxxxxxxxxxx
• tried converting it to password-less snk file and use that instead of .pfx
• Tried running visual studio as admin and importing key
• Tried creating very simple barebones project and signing with that
• Tried visual studio 2010 as well as 2012
• We tried adding the following to the assembly [assembly: AssemblyKeyFile("path to key file")]
• Added event in postbuild "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe" sign /f "$(ProjectDir)[keyfile].pfx" /p [thepassword] /v "$(ProjectDir)obj\Release\$(TargetFileName)"

• Added in a section in the .csproj file:

• Downloaded http://visualstudiogallery.msdn.microsoft.com/a83505c6-77b3-44a6-b53b-73d77cba84c8 and clicked 'Apply Fix' on the error

We have had no success thus far. We can import the key just fine using the password so we know the password is correct. We also know that this works fine for signing the manifest in a clickonce publish. Just to make sure we weren't having any other issues, we turned off the cilckonce signing and are just trying to sign the assembly.

Answer 1

1. Navigate to Project Properties --> Signing
2. Please select corresponding *.pfx file from drop down.
3. Enter the previous password used for code signing. (password: ask the person who has signed the assembly and created the self signed certificates and code signed)
4. (optional) It automatically adds your certificate as trusted. It can be seen using Management console window ( run MMC command and add certificate add-snaps to see the certificate)

Answer 2

I had the same issue. I am building the application from a thumb drive on numerous computers and believe this is the cause.

I found success with the "sn -i [comodo].pfx VS_KEY_xxxxxxxxxxxxx" method. I did the following steps:

1. Run "Developer Command Prompt" as administrator (found in Start->All Programs->Visual Studio->Tools)
2. Navigate to your key directory (for me this was the root of my project directory, not the solution directory)
3. Execute "sn -i mykey.pfx VS_KEY_xxxxxxxxxxxxx" (mykey.pfx and VS_KEY_xxxxxxxxxxxxx are both found in the build error message)
4. Enter the password if required

When I tried this without running "Developer Command Prompt" as an administrator, I get the help display text when running "sn -i mykey.pfx VS_KEY_xxxxxxxxxxxxx" and it does not work. The trick was to make sure I ran the develop prompt as an administrator.

For context, I am using VS Community 2013.5, Window 7 x64 Professional, and NET Framework 4.7

Answer 3

I have learned that Visual Studio doesn't seem to handle subordinate certificates very well.
I tried several certs on multiple machines (different OS/VS combinations) with the same results.
I finally found this as a workaround:

• Sign the assembly with

  signtool sign /f "[path to pfx]" /p [password] /v "[path to assembly]"

• Build your installer with mageUI (see "Manually Deploying a ClickOnce Application")

The issue with Visual Studio seems to be that it does not like certificate chaining. This you can solve by importing/exporting the certificate without the chaining. The next issue is addressed by using the certutil and export with the AT_SIGNATURE. I was able to import it into VS and build, however it doesn't seem to sign the assembly.

Answer 4

For me following worked, First Install certificate by double clicking on it. then,

Project Properties -> Signing -> If 'Sign the ClickOnce manifests' is checked -> click on 'Select from file' and select .pfx file and it should show all the certificate valid details like Issued to, Issued By, Intended Purpose etc.

Answer 5

Another 'worked for me' ...

Right-clicked on the PFX in Windows Explorer, chose 'Install PFX' and in the wizard supplied the password. Then in the project properties in VS, under 'Signing' chose 'Change Password' and re-entered the password. Prior to this only running VS as administrator would work.

Answer 6

Best solution I can think of is go to Project --> Properties --> Choose a strong name key file dropdown and select "New" --> Create the key and then go to Certificate section on top --> click Select from File and choose the new Key you created --> Build Solution --> Publish.

Answer 7

You can simply open "Project > Property > Signing" and uncheck the "Sign the ClickOnce manifests" checkbox.

Answer 8

I got similar error. Solved it by choosing Install PFX from a context menu in Windows Explorer.