Dot Net Tips and Tricks


Archive for January, 2007

How to use Windows Certificate Authority to Strong Name Assemblies

I recently wanted to use the internal Certificate Authority for all our code signing requirements. After several hours of pain I was able to get it to work but thought I’d document the procedures so others won’t have the same problems.

  1. Ensure a Certificate Authority is installed and running on the Active Directory domain.
  2. The Windows Certificate Authority uses a web-based request form, so open IE and browse to the site (e.g. http://someserver/certsrv).
  3. When requesting the certificate, choose advanced for the certificate type and select code signing as the type. Also ensure you choose the Microsoft Enhanced Cryptographic Provider and not the Basic or RSA provider (I’ll explain below). Figure 1
  4. Choose to Mark Keys as Exportable and choose a password. Save the file with a *.pvk extension.
  5. Click submit. You will be prompted to save the pvk and then click to save the certificate. Do not save the full certificate path, as strong naming does not support certificate chaining.
  6. Open a Visual Studio command prompt and navigate to the location where you saved the files.
  7. Type cert2spc yournewfile.cer yournewfile.spc, where yournewfile is the filename you gave the pvk when saving it. This converts the cer to a compatible spc file.
  8. Type pvk2pfx -pvk yournewfile.pvk -spc yournewfile.spc. A wizard will open; follow the prompts, making sure to check the box to make the private keys exportable.
  9. The new *.pfx file can be used to sign assemblies, and the computers inside the network will be able to verify the certificate against the internal Certificate Authority.

You will receive the dreaded “Error Importing Key - Object already existing” error when trying to compile if you choose the wrong provider, i.e. a provider that is incompatible with Visual Studio code signing.
Figuring this was a straightforward procedure, I requested a certificate and private key pair from the Certificate Authority and that’s where the trouble started.
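The two conditions the steps above depend on (the Enhanced provider, and no certificate chain in the file) can be checked on the finished *.pfx before it is handed to Visual Studio. This is an added example, not part of the original post: the function name Test-SigningPfx is hypothetical, and it assumes Windows PowerShell 5.1 on .NET Framework with a CSP-backed key.

```powershell
# Added example (not from the original post). Test-SigningPfx is a hypothetical name.
# Assumes Windows PowerShell 5.1 (.NET Framework) and a CSP-backed private key.
function Test-SigningPfx {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][System.Security.SecureString]$Password
    )

    # X509Certificate2Collection.Import takes a plain string password.
    $plain = (New-Object System.Net.NetworkCredential('', $Password)).Password
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable

    # Load every certificate stored in the PFX so an embedded chain is visible.
    $all = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $all.Import((Resolve-Path $Path).Path, $plain, $flags)

    $leaf = @($all | Where-Object { $_.HasPrivateKey })[0]
    if (-not $leaf) { throw "No certificate with a private key found in $Path" }

    # Look for the code signing EKU (OID 1.3.6.1.5.5.7.3.3).
    $codeSigning = $false
    foreach ($ext in $leaf.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $codeSigning = [bool]($ext.EnhancedKeyUsages |
                Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' })
        }
    }

    # The CSP recorded in the PFX is the provider chosen on the request form.
    $provider = $leaf.PrivateKey.CspKeyContainerInfo.ProviderName

    [pscustomobject]@{
        Subject          = $leaf.Subject
        CertificateCount = $all.Count
        NoChainEmbedded  = ($all.Count -eq 1)
        CodeSigningEku   = $codeSigning
        Provider         = $provider
        EnhancedProvider = ($provider -like 'Microsoft Enhanced Cryptographic Provider*')
    }
}

# Usage (yournewfile.pfx is the placeholder name used in the steps above):
# Test-SigningPfx -Path .\yournewfile.pfx -Password (Read-Host -AsSecureString 'PFX password')
```

If NoChainEmbedded, CodeSigningEku or EnhancedProvider comes back False, request the certificate again with the settings from steps 3 to 5 before trying to sign with the file.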


Mantis bugtracker

We have recently installed the Mantis bug tracking system, which integrates nicely with Subversion. The previous post talked of the BugId feature in TortoiseSVN, and we use this to tie the committing of code to a bug. I’ve added the following code to a PostCommit.bat hook in the Subversion repository.

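    REM Post-commit hook for MantisBT integration
    REM Subversion passes the repository path and the new revision number
    SET REPOS=%1
    SET REV=%2
    SET DETAILS_FILE=D:\PHPUploadTemp\svnfile_%REV%
    SET LOG_FILE=D:\PHPUploadTemp\svnfile_%REV%_Log
    REM Collect the log message, author, revision and diff for this commit
    echo ****** Source code change ******>>%DETAILS_FILE%
    svnlook log -r %REV% %REPOS%>>%DETAILS_FILE%
    echo SVN Author:>>%DETAILS_FILE%
    svnlook author -r %REV% %REPOS%>>%DETAILS_FILE%
    echo SVN Revision:%REV%>>%DETAILS_FILE%
    svnlook diff -r %REV% %REPOS%>>%DETAILS_FILE%
    REM Feed the details to Mantis on stdin and keep its output in the log file
    REM (this redirection is assumed; LOG_FILE is otherwise unused)
    "D:\Progra~1\PHP\php.exe" D:\Progra~1\Apache~1\Apache2\htdocs\Tracker\core\checkin.php <%DETAILS_FILE% >%LOG_FILE%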


VisualSVN Visual Studio Plugin for SVN

We have now moved to the VisualSVN product for a Subversion plugin for Visual Studio. Ankh did not support BugId integration. VisualSVN uses TortoiseSVN as the backend for connecting to the Subversion repository. If you’re using Subversion in a Visual Studio environment, do yourself a favor and try VisualSVN.
