Visual Studio 2008 Error importing key Object already exists

Hi,

I am using VS 2008 Professional.

I am trying to sign assemblies using a Comodo Code signing certificate.

I have followed all the steps to create pfx and snk files from the issued certificate.

When I try and sign any dll using my pfx file I get the error message “Error importing key Object already exists”.

There does not appear to be any information about how to solve this problem on the net.

Does anyone have any insight into this issue?

Note that everything works fine with .snk files generated using the sn.exe -k option

Regards

AndyB

Hi,

Follow the below link to solve your issue.

Thanks.

I have followed the instructions at the link above, including installing the 64-bit version of OpenSSL and using the two commands specified.

The good news is that the resulting PFX does not generate an error during compile.

The bad news is that my compiled EXE still says “Unidentified Publisher” (exactly the same thing as an unsigned app).

What am I doing wrong?

Sorry, some background stuff:

I am trying to sign an EXE that must run with elevated privileges (in Administrator mode). The manifest has this:

Development machine: Vista Enterprise x64, MS Visual Studio 2008 Team / Database, UAC off

Target machine: Vista Ultimate x64, UAC on

Obviously, I have a Comodo code signing certificate. Using it “as is” (exported to PFX using certificate manager with all options except Export Private Key off), and using certutil, both cause errors. Using the OpenSSL fix gets rid of the error, but does not seem to sign the assembly.

Hi,

> Obviously, I have a Comodo code signing certificate. Using it “as is” (exported to PFX using certificate manager with all options except Export Private Key off), and using certutil, both cause errors. Using the OpenSSL fix gets rid of the error, but does not seem to sign the assembly.

  1. What errors did you get?
  2. How do you sign your exe file? Are you using signtool?

Thanks.

When using the Solution Properties → Signing → Sign the Assembly (NOT signtool.exe), the following occurs:

If I export the original certificate from Comodo and use the certutil.exe fix, I receive the “Object already exists” error on compile.

If I export the original certificate, then modify using OpenSSL saving to a .key file, and then re-creating a .pfx file, there is no error on compile. However, the EXE that is created is not signed – right clicking the EXE, and selecting properties shows no Digital Signatures tab. Also, the application comes up with the ugly UAC warning on privilege elevation.

  • WORKAROUND -

Signtool.exe works using the original provided certificate (and pretty much any variation of exported/reimported). However, it is a pain in the neck. Here is my procedure, on a solution that has my application project, and an Installer project:

  • I am using the 64-bit signtool.exe from the .NET framework 2 that is 75,776 bytes and dated 9/23/2005.
  • “Sign the Assembly” is unchecked (not turned on)
  1. Open the solution that contains both the application project and the installer project.
  2. In the solution explorer, click on the application project, click Build-> Build (build the application project, not the installer project, nor the entire solution)
  3. Open cmd, run signtool with the signwizard option: signtool.exe signwizard
  4. Browse to the obj\Release directory and select the EXE (NOT the exe in the bin directory)
  5. Select Typical
  6. Select from Store (the other buttons are greyed out), click Comodo certificate
  7. Skip the description (Next)
  8. Check Timestamp, use Timestamp Server And Stamping Protocols | Sectigo® Official

Now, MYPROGRAM.EXE is signed.

  9. Copy from the obj\Release directory to the bin directory. This step isn’t necessary if you’re continuing on, as step 10 copies the file from obj\Release → Bin; if you signed the copy in the Bin directory, it will get overwritten by the unsigned one from obj\Release.

  10. Click the installer project and build it (do not rebuild the application project!)

  11. Go to the Bin directory, right click .exe, click properties, and make sure that the Digital Signatures tab is there.

  12. Open cmd, run signtool with the signwizard option: signtool.exe signwizard

  13. Go to the Installer\Release directory, select all file types, and select the .msi (not setup.exe)

  14. Repeat steps 5-8

You now have a signed installation package. Note that it was not necessary to create a PFX; everything is done from the certificate store.

Now, this is a horrible pain in the neck, because there are many little steps, and Visual Studio will sometimes recompile .exe when the msi (installer) is built. This means the new msi has an unsigned EXE in it, and you don’t know this.

It would be so much better if you could simply click “Sign the Assembly” and have it all work automatically…

Thank you,

Phil
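An added example, not part of the thread: a small Python check for the failure described above, where Visual Studio rebuilds the EXE and the unsigned copy goes unnoticed. It reads the PE header and reports whether the file carries an embedded Authenticode certificate table, which is what the Digital Signatures tab reflects; it tests presence only and does not validate the signature or its chain. The sample images are constructed header-only byte strings, and the path in the comment is hypothetical.

```python
import struct
import sys

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def certificate_table(data: bytes):
    """Return (file_offset, size) of the embedded certificate table, or None."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe + 24                                     # optional header follows COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]       # PE32 / PE32+ (x64)
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        if count <= SECURITY_DIR:
            return None
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError) as exc:
        raise ValueError("not a valid PE image") from exc
    if offset == 0 or size == 0:
        return None                                       # unsigned: no Digital Signatures tab
    if offset + size > len(data):
        raise ValueError("certificate table runs past end of file")
    return offset, size

def is_signed(data: bytes) -> bool:
    return certificate_table(data) is not None

def sample_pe(signed: bool, pe32_plus: bool = True) -> bytes:
    """Constructed header-only PE image for the demo; not a real executable."""
    magic, dir_off = (0x20B, 112) if pe32_plus else (0x10B, 96)
    machine = 0x8664 if pe32_plus else 0x14C
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, dir_off + 128, 0x22)
    opt = struct.pack("<H", magic) + b"\0" * (dir_off - 6) + struct.pack("<I", 16)
    dirs = bytearray(128)
    blob = b""
    if signed:
        blob = struct.pack("<IHH", 8, 0x0200, 0x0002)     # bare WIN_CERTIFICATE header
        struct.pack_into("<II", dirs, 8 * SECURITY_DIR, 0x40 + 24 + dir_off + 128, len(blob))
    return dos + coff + opt + bytes(dirs) + blob

if __name__ == "__main__":
    for path in sys.argv[1:]:                             # e.g. obj\Release\MYPROGRAM.EXE (hypothetical)
        with open(path, "rb") as fh:
            print("SIGNED  " if is_signed(fh.read()) else "UNSIGNED", path)
```

Run it against the EXE in both obj\Release and the bin directory after building the installer project; an UNSIGNED result means the EXE was rebuilt after signing. It does not look inside the .msi.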