ClickOnce-signing on continuous integration server only

Question

Context: We are multiple developers that are working on a single Office addin. Our continuous integration (CI) server creates deployable artifacts.

However, Visual Studio enforces every developer to sign the ClickOnce manifest (disabling the checkbox "Sign the ClickOnce manifests" in the project properties will re-check it on the next build). Thus every developer needs to be in possession of the signing certificate.

Is there a way to disable signing the manifest for the developers?

Note: We do not want to eventually deploy without a signed manifest, but we want to keep the signing certificate on a single machine.

Answer 1

We now solved this for us as follows:

1. We created a "development-only" certificate that is self-signed, expires in many years and is under version-control. All developers share this certificate, but it can't be used to create installers signed by our company.
2. The continuous integration server will update the application manifest and create a new deployment manifest using Mage (using the real signing certificate)

While this does not disable signing on the development machines, it avoids the problems associated with sharing the trusted certificate on all development machines.