3

OK, so I have this certificate, but am confused about how to apply it to my application.

I went to the Visual Studio properties page and clicked on "signing". I checked the box that says "Sign the ClickOnce manifests" I was able to select my EV certificate from the store. All the information shows up in the "certificate box, including "Issued by: DigiCert EV code signing". I filled in the timestamp URI with the one supplied by DigiCert.

I then proceed to publish the application, but when I install it I still get "unknown publisher" and Windows 8 SmartScreen filter throws a warning.

Obviously I am either doing something wrong or there is something more I need to do, I just don't know what it is.

jwitt98
  • 1,194
  • 1
  • 16
  • 30
  • Take a look at my answer [here](http://stackoverflow.com/a/16040775/2132796). – Stefan Over Feb 14 '14 at 13:45
  • @Herdo - I was reading the article in the link of your other post until I came across this: "Next, the certificate used to sign a ClickOnce application must be configured in the Trusted Publishers certificate store on the user's machine". When I looked at the "Trusted Publishers" on my local machine, the only trusted publisher is "Oracle". So, does this mean the certificates have to be installed first in each user's Trusted Publishers certificate store? How is that possible? – jwitt98 Feb 14 '14 at 15:56
  • Publishing my app - signed with my dev cert - to my server and running the setup also prompts me the security warning you mentioned on Win 8.1. My certificate is stored in the *Trusted Root CA* store, but not in the *Trusted Publisher* store. So I guess, as the guide says, you need to install your cert in that store. Can you verify, that the DigiCert certificate, mentioned as root CA for your certificate, is in the client *Trusted Root CA* store? – Stefan Over Feb 14 '14 at 18:11

1 Answers1

2

the problem is that Signing tab only signs setup.exe - but not the actual application.exe file. This way you don't get a "warning" prompt when you install the app, but you get it when you run it. You need to sign application.exe separately - and there is no UI for that in Visual Studio, you need to use PostBuild task: https://stackoverflow.com/a/18636102/1246870

Community
  • 1
  • 1
avs099
  • 10,937
  • 6
  • 60
  • 110
  • Thanks... I'm still having other issues signing my app which is not related to this problem, but you are correct – jwitt98 Feb 18 '14 at 03:25