sides of march (Brian DeMarzo)

Thoughts on life, liberty, and information technology

Create your own .pfx file for ClickOnce

Today, I needed a PFX (public key file) to sign a ClickOnce deployment. I spent a fair amount of time trying to figure this out, so I figured I’d share it!

There were plenty of suggested solutions out there, but the best one was from MSDN blogger Maxime Lamure.

In short, do the following, replacing MyCert with the certificate file name (without extension), MyName with the name you want on the certificate (your name, or a company name), and password with the PFX file password.

  1. Open a Visual Studio Command Prompt. If using Windows Vista or Windows 7, be sure to run as Administrator.
  2. Create your certificate (.cer) file by typing: makecert -sv MyCert.pvk -n "CN=MyName" MyCert.cer
  3. Create your public key (.pfx) file by typing: pvk2pfx -pvk MyCert.pvk -spc MyCert.cer -pfx MyCert.pfx -po password

At the end, you’ll have your very own certificate file and public key!

8 responses to “Create your own .pfx file for ClickOnce”

  1. H Bhatt Avatar
    H Bhatt

    R/sir,

    I could not be alble to create digital signature certificate in pfx file…kindly guide…

    Like

    Reply
  2. Solved: ClickOnce publish failing with a valid certificate « sides of march

    […] usual problem here is an expired certificate, but the certificate we’re using was created in December 2010 and expired in year 2039, so we knew expiration wasn’t a problem. The certificate file itself […]

    Like

    Reply
  3. Vasile Avatar
    Vasile

    Hi,

    I know it’s an old post, but for the sake of correctness note that password is the resulting pfx file’s password, not the public key password. The public key is already public as its name implies. The pfx file embeds the private key (required for the signing process), that’s why it’s protected by a password.

    Regards,
    Vasile

    Like

    Reply
  4. brian Avatar
    brian

    Thanks, I just updated the wording!

    Like

    Reply
  5. pihu Avatar
    pihu

    Kindly tell us the detailed view – IS CN = Computer Name??
    Where these files are located? please help

    Like

    Reply
  6. brian Avatar
    brian

    CN in this context is “Canonical Name” — usually the company name. See http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx for more details.

    Example:
    makecert -sv MyCert.pvk -n “CN=ACME, Inc.” MyCert.cer

    Like

    Reply
  7. sukhvinder Avatar
    sukhvinder

    please sir, guide me how to create digital signature

    Like

    Reply
  8. Almas Avatar
    Almas

    I have .cer file generated by CA from my certificate request.
    I do not have .pvk file.
    But I need .pfx file.
    How can i convert my .cer to .pfx?

    Like

    Reply

Leave a reply to pihu Cancel reply