Install a ClickOnce certificate on TeamCity

So I actually just lifted this little snippet about installing ClickOnce certificates on TeamCity from another blog by Laurent Kempé. Unfortunately it appears to have gone offline for good, but thanks to the power of Google Cache I was able to bring it back from the dead and re-record it here for (hopefully) posterity.

Just recently I discovered that ClickOnce had been turned on for the project of one of our WebJobs. The certificate had expired and it was failing the build, both on my development machine and on our TeamCity server.  I’m not sure if it is actually needed for WebJob deployments to production environments, but I decided to replace it and just figure that out later. Easily done in Visual Studio using the “Create Test Certificate” button under the Signing tab in the project properties. In actual fact, this is all that had been done by the original developer, so I’m okay with figuring out what should be done later for now.

I checked in the project changes to Git, including the new PFX certificate Visual Studio created. But nothing changed, the build was still failing with “error MSB3323: Unable to find manifest signing certificate in the certificate store”. The following are the steps I took per the advice in Laurent’s blog post (this assumes TeamCity is running under the Local System account.

  1. Download PsExec from Windows Sysinternals.
  2. Open a command prompt, and enter the following. It will spawn a new command prompt, running as Local System:
    > psexec.exe -i -s cmd.exe
    
  3. In this new command prompt, change to the directory containing the certificate and enter the filename to install:
    > mykey.pfx
    
  4. The Import Certificate wizard will start up. Click through and select all the suggested defaults.
  5. Run the build.

2 Replies to “Install a ClickOnce certificate on TeamCity”

  1. THANK YOU! I knew it had to be something like this. All the top “answers” I find on the net assume I just don’t want to sign the ClickOnce manifests and suggest turning that option off. But, believe it or not, I actually have a cert and need to sign my app!

Leave a Reply

Your email address will not be published. Required fields are marked *