
"Invalid provider type specified" error when code signing the VSTO Outlook application


I bought a code signing certificate from GoDaddy and generated a .pfx file from it. But when I use this file to code sign the ClickOnce manifest of my Outlook VSTO application, I get this error in Visual Studio:

An error occurred while signing: Invalid provider type specified. 

What could be the problem here? Thanks.


Solution

  • The signing identity stored in the .pfx container is most likely in the older "Cryptographic Service Providers" (CSP) style. The environment you are using to sign your package looks like it requires the "Cryptography API: Next Generation" (CNG) provider type. The solution would be to convert your existing container to use the CNG Storage Provider. This should be done with the following steps:

    • Import the PFX into your personal store
    • Export the public key from the store by going through export wizard
    • Export the private key using OpenSSL into .pem format

      openssl.exe pkcs12 -in <original pfx file>.pfx -nocerts -out <pem file location>.pem
      
    • Convert to PVK

      pvk.exe -in <pem file location>.pem -topvk -strong -out <pvk file location>.pvk
      
    • Merge the Public and Private keys

      pvk2pfx.exe -pvk <pvk file location>.pvk -pi <pvk password> -spc <pvk file location>.cer -pfx <new pfx file location>.pfx -po <pfx password>
      

    Now you can import the newly created pfx file into the Certificate Manager. Make sure you remove the old certificate from the Certificate Manager first. Once the certificate is in place, you can use certutil again to validate whether the certificate is now correct.

    If it now shows the provider as "Microsoft Strong Cryptographic Provider" you know the operation has been successful.

    Credit goes to Remy's Blog, where you may find the full explanation of the issue with examples and verification steps: Converting Certificate to use CSP Storage Provider in stead of CNG Storage Provider.
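
The certutil check that the answer ends with, as an added PowerShell example that is not part of the original answer: it parses `certutil -store` text and reports, per certificate, whether the listed provider is the one the answer says to expect. The function name, the status labels, the constructed sample output (made-up subjects and hashes) and the assumption of English-language certutil output are all assumptions of this example.

```powershell
# Added example, not from the original answer.
# Expected value: the provider name the answer gives as the sign of success.
$ExpectedProvider = 'Microsoft Strong Cryptographic Provider'

function Get-CertProviderReport {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $CertutilOutput,
        [string] $Expected = $ExpectedProvider
    )
    $certs = New-Object System.Collections.Generic.List[object]
    $current = $null
    foreach ($line in $CertutilOutput) {
        if ($line -match '^=+ Certificate (\d+) =+') {
            # A new certificate block starts: open a fresh record for it.
            $current = [ordered]@{ Index = [int]$Matches[1]; Subject = $null; Thumbprint = $null; Provider = $null }
            $certs.Add($current)
        }
        elseif ($null -eq $current) { continue }   # header lines before the first block
        elseif ($line -match '^Subject:\s*(.+)$')           { $current.Subject    = $Matches[1].Trim() }
        elseif ($line -match '^Cert Hash\(sha1\):\s*(.+)$') { $current.Thumbprint = $Matches[1] -replace '\s', '' }
        elseif ($line -match '^\s*Provider\s*=\s*(.+)$')    { $current.Provider   = $Matches[1].Trim() }
    }
    foreach ($c in $certs) {
        # No Provider line usually means the store holds no private key for that certificate.
        if (-not $c.Provider)              { $status = 'NoProviderListed' }
        elseif ($c.Provider -eq $Expected) { $status = 'Expected' }
        else                               { $status = 'Different' }
        [pscustomobject]@{ Index = $c.Index; Subject = $c.Subject; Thumbprint = $c.Thumbprint
                           Provider = $c.Provider; Status = $status }
    }
}

# Constructed sample in the shape of `certutil -user -store My` output (all values made up).
$sample = @'
================ Certificate 0 ================
Subject: CN=Example Publisher (constructed, old import)
Cert Hash(sha1): 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33
  Provider = Microsoft Software Key Storage Provider
================ Certificate 1 ================
Subject: CN=Example Publisher (constructed, re-imported pfx)
Cert Hash(sha1): ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 ff ee dd cc
  Provider = Microsoft Strong Cryptographic Provider
'@ -split '\r?\n'

Get-CertProviderReport -CertutilOutput $sample | Format-Table -AutoSize
# Against the live store: Get-CertProviderReport -CertutilOutput (certutil.exe -user -store My)
```

A `Different` row for the signing certificate after re-import means the old certificate is still in the store or the new .pfx was not the one imported.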