We recently got a code signing certificate that we use to sign our ClickOnce installation.
Will we be able to renew the certificate when it expires? Renewing the same certificate would be preferred, as that would make the ClickOnce just keep working. If we have to buy an all new certificate we will have to find a way to work around this problem.
It is not possible to renew a code signging certificate, you need to buy a new certificate after expiry. But to solve this issue you need to use a timestamping option while signing your application so that when your certificate expires your signed application will not show any expiry warnings.
As I understand it, using Timestamping will only allow my program to keep running after the certificate has expired, but it will not update. Using a new certificate for signing will force all our users to a manual reinstall. This is the problem that I would like to solve.
SmartScreen is still in its infancy and its still quite the joke. It does more harm than good as it hurts the “little” guys more so than the big guys. It’s a never ending cycle with Microsoft in this respect.
Re-using the same private key year after year is considered to be bad key hygiene. Just because you can do it doesn’t mean that you SHOULD do it.