Digital Certificates

How are .NET applications signed at compile time?

If you have a digital certificate issued by a certification authority (such as VeriSign), you can sign your VLF.NET application to assure end-users of its authenticity. To do this, specify the Certificate File (PFX) and the optional Certificate File Password in the Developer Preferences tab. These are used to digitally sign your VLF.NET application when you save your Framework.

 

The certification authority supplied my certificate in two files: .PVK and .SPC (or .PVK and .CER). Can I use them?

Yes, but you first need to create a Personal Information Exchange (PFX) file from those two files. Use the pvk2pfx tool to do so. Information about this tool can be found at http://msdn.microsoft.com/en-us/library/aa906332.aspx.

 

 

What happens if a valid digital certificate is not used?

If a valid digital certificate (a digital certificate issued by a certification authority) is not used, the application will be signed with an auto-generated temporary digital certificate. The application can still be deployed and run; however, the first time a user runs the application, a dialog box will appear warning the user that the publisher of the application can’t be verified.

Note that the temporary digital certificate is generated for testing purposes only, and VLF.NET applications signed with it should not be used in a production environment.
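
A pre-flight check you can run on the PFX before entering it in Developer Preferences, including one produced with pvk2pfx. This is an added example, not LANSA or Microsoft code; the file names are hypothetical placeholders and PowerShell 5 or later is assumed.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example: inspect a code-signing PFX before it is used to sign.
# The default path is a hypothetical placeholder.
param([string]$PfxPath = '.\publisher.pfx')

# If the CA supplied PVK + SPC files, build the PFX first, for example:
#   pvk2pfx -pvk publisher.pvk -spc publisher.spc -pfx publisher.pfx

$ErrorActionPreference = 'Stop'

# .NET resolves relative paths against the process directory, not the
# PowerShell location, so pass an absolute path.
$fullPath = (Resolve-Path $PfxPath).Path

# Prompt so the password never lands in shell history or a script file.
$password = Read-Host -AsSecureString 'PFX password (press Enter if none)'
$cert = [X509Certificate2]::new($fullPath, $password)

# True only when the Enhanced Key Usage extension lists code signing.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'
$ekuExt = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
$hasCodeSigningEku = [bool]($ekuExt -and
    ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $codeSigningOid }))

# Build the chain against this machine's trust stores.
$chain = [X509Chain]::new()
$chainOk = $chain.Build($cert)
$chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

$now = Get-Date
[pscustomobject]@{
    Subject        = $cert.Subject
    Issuer         = $cert.Issuer
    Thumbprint     = $cert.Thumbprint
    HasPrivateKey  = $cert.HasPrivateKey      # signing needs the private key
    CodeSigningEku = $hasCodeSigningEku
    WithinValidity = ($cert.NotBefore -le $now) -and ($now -lt $cert.NotAfter)
    NotAfter       = $cert.NotAfter
    ChainTrusted   = $chainOk
    ChainStatus    = $chainStatus             # empty when the chain is clean
} | Format-List
```

A self-signed test certificate typically reports ChainTrusted as False with an UntrustedRoot status, which corresponds to the unverified-publisher warning described above.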

 

Is VLF.NET a Full Trust or Partial Trust .NET application?

VLF.NET is a Full Trust .NET application. This means that VLF.NET is not subject to code access security checking.

The ClickOnce deployment process will take care of this automatically and it is not necessary for the users or administrators to configure their computers.

If a valid certificate issued by a certification authority is used, the first time a user runs the application a dialog box will appear, warning the user that the application requires potentially unsafe access to the computer.

 

I’m using a valid certificate issued by a certification authority. Is there a way to prevent the user from being prompted with the potentially unsafe access security warning dialog box?

 

Yes, your certificate will need to be added to the ‘Trusted Publisher’ section of every computer that is going to run VLF.NET. Your domain administrator should be able to configure this easily for you.

 

How are .NET applications verified at execution time?

VLF.NET applications are downloaded using a Microsoft .NET web-based deployment technology called ‘ClickOnce’. The download procedure it uses automatically verifies the digital certificate associated with your application.

 

Can I run VLF.NET over SSL (HTTPS)?

Yes, but you will need an SSL certificate issued by a trusted Certification Authority (such as VeriSign) installed on your web server. Below is an extract from MSDN regarding ClickOnce deployment over SSL:

A ClickOnce application will work fine over SSL, except when Internet Explorer raises a prompt about the SSL certificate. The prompt can be raised when there is something wrong with the certificate, such as when the site names do not match or the certificate has expired. To make ClickOnce work over an SSL connection, make sure that the certificate is up-to-date, and that the certificate data matches the site data.