I have an EV code signing certificate from ssl.com and I'm trying to sign a ClickOnce application to get rid of the warning messages when the users install the application, however, I wasn't able to do it so far. The certificate is properly configured as I can use SignTool.exe to sign setup.exe, but this is not enough, as I apparently need to sign the .manifest and .deploy files using Mage.exe as per this MS article. However, with the private key stored on the hardware token, I get the following result for this command (note, I'm using Mage version 4.8.3928.0 and Visual Studio 2019 on Windows 10):
mage -Update "MyApp.exe.manifest" -CertHash "xxxxxxx" -csp "Microsoft Smart Card Key Storage Provider" -KeyContainer xxxxxxx
This certificate does not contain a private key - "xxxxxxx"
This certificate cannot be used for signing - "xxxxxxx"
Note that in this article, TanyaSolyanik from Microsoft says that Mage.exe version 4.7 only supports certificates with private key in store, and that 4.7.1 will fix this. I’m using version 4.8 but it’s still not working.
I think I read every article I can find by Google, and every relevant stackoverflow question that I could find, but nothing helped. Note that some questions like this one talks about using the built in signing feature in Visual Studio publish, however, when I try this, I cannot find my EV certificate in the list of certificates in the store, because it does not have a private key.
