We are developing an application to be deployed via ClickOnce. We have a VeriSign code signing certificate that we are using to sign our application (via signtool.exe post-build) and our ClickOnce manifests. We are currently having two problems related to signing:
-
We are signing our .exe using our certificate. After building our application, we can see that it is signed (e.g., via “signtool verify /pa TheExecutable.exe”). But after installing the application via ClickOnce, the .exe is no longer signed.
-
We are signing our ClickOnce manifests using our certificate. But when we try to install the application via ClickOnce, the ClickOnce installer says “Unknown Publisher”.
Issue #1 has always happened. Issue #2 has sometimes mysteriously disappeared, but it always comes back shortly thereafter, and we have been seeing it consistently for a few weeks now.
Any ideas?
Alright, solved the mystery for 1/2 of this question: ClickOnce takes the application manifest from
bin, but takes the actual EXE fromobj. In order to distribute your signed exe then, you must sign the file in theobjdirectory.EDIT: Here’s the other half. Installing .NET 4.5 Beta breaks ClickOnce signing / verification, even in VS2010.