Click Once Certificate Renewal VB.NET


This document details the steps necessary to renew an existing code signing certificate for use with click once applications.

Using a new certificate is not an option when the client PC is windows 2000 as it will not update using my standard click once code. With a new certificate I would have to uninstall and re-install your application on all client PCs. I my case this was over 150 clients.

NOTE: This method was used on an internal application and was not tested on any applications using click once over the internet.

Export Current Certificate Using IE

The first step is to export the existing code signing certificate. I believe I needed to do this step because my code signing certificate was generated using Novell tools and not Microsoft tools. Also, during the export the private key is included, which is needed for the renewal.

Open Internet Options in IE, then click Certificates as shown below:

internet options

Select the certificate you wish to export as shown (pretend this one is expiring or expired):


Click Export, then click next, you should see the screen shown below, click the option to export the private key:


Click next; you should see the screen below, set the options as shown:

cert export wizard 2

Click next and enter the password if required, as shown below:


Click next and then select a new file name to export to as shown below. Note that this should not be your final file name, just a temporary name. I also didn’t use the current name, since this file contains the private key:


Click next, which will take you to the screen shown below:

cert export complete

Click finish, to create the certificate.

Renew the Certificate Using RenewCert.exe

Downloaded RenewCert.exe from The file is also available here:

The syntax for the command is as follows:

renewcert <OldCertificate>.pfx <NewCertificate>.pfx CN=<NewCertificateName> <Password>

At the command prompt I typed the following:

C:>renewcert current.pfx ISApplications.pfx CN="IS Applications" password

The following should be displayed after a successful renewal:

Certificate's container name is: {1593A58B-A295-4B2A-8778-D5E86107E68B} [39]
CertNameToStr: CN=IS Applications [19]
Created File: C:TempISApplications.pfx

Update and Publish Applications

Use this new certification in all applications that used the old certification and publish. I am using VB.NET 2005 in this example. Click Signing on the applications properties page and then click Select from File as shown below. Enter a password if required. Finally, publish the application with the updated certificate. certsigningvb The application will update without any user prompts.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.