We have a utility we created to sign our XBAP manifest file. This is the following code that it executes:
cert = new X509Certificate2(certFilePath, password, X509KeyStorageFlags.MachineKeySet);
SecurityUtilities.SignFile(cert, null, manifest.SourcePath);
The SignFile method takes more than two minutes to complete. We previously used a Thawte authenticode certificate to sign our manifest. After switching to VeriSign, this issue started appeared. Also, when Visual Studio signs the XBAP manifest during the build process, it usually takes between seven and nine minutes to complete.
I've tried putting the private key in the local computer store. I've tried putting the intermediate VeriSign code-signing certificate in the intermediate certificate authorities store.
Has anyone experienced this before and/or have ideas as to how to remedy the issue?
I believe my issue is caused by the lack of internet access on the server that is executing this code. Using a packet analyzer I noticed that during signing the application and/or Windows is trying to access VeriSign's certificate revocation lists (CRLs) and it's Online Certificate status Protocol (OCSP). These actions are timing out. This code signing was occurring more than once and therefore causing the delay to be longer. Allowing access to VeriSign through the fire should fix this.