ClickOnce de-signs our executable and says "Unknown Publisher"

Question

We are developing an application to be deployed via ClickOnce. We have a VeriSign code signing certificate that we are using to sign our application (via signtool.exe post-build) and our ClickOnce manifests. We are currently having two problems related to signing:

1. We are signing our .exe using our certificate. After building our application, we can see that it is signed (e.g., via "signtool verify /pa TheExecutable.exe"). But after installing the application via ClickOnce, the .exe is no longer signed.

2. We are signing our ClickOnce manifests using our certificate. But when we try to install the application via ClickOnce, the ClickOnce installer says "Unknown Publisher".

Issue #1 has always happened. Issue #2 has sometimes mysteriously disappeared, but it always comes back shortly thereafter, and we have been seeing it consistently for a few weeks now.

Any ideas?

Answer 1

Alright, solved the mystery for 1/2 of this question: ClickOnce takes the application manifest from bin, but takes the actual EXE from obj. In order to distribute your signed exe then, you must sign the file in the obj directory.

EDIT: Here's the other half. Installing .NET 4.5 Beta breaks ClickOnce signing / verification, even in VS2010.