Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to sign a ClickOnce application

Tags:

I have a ClickOnce application that I built for a client, and I need it to be from a trusted publisher. How do I go about acquiring an Authenticode certificate and sign my application with it? So that when the application is launched, it's from a trusted publisher?

How do I install the certificate? Do I have to install it on my development server or does it matter where I install it?

How does the whole process work? I don't want to spend 3-5 hundred dollars on a certificate, and install something wrong and be out of luck.

Are there good tutorials on purchasing and installing a certificate and signing a ClickOnce application?

like image 589
Carl Weis Avatar asked Mar 07 '12 23:03

Carl Weis


People also ask

How do you sign ClickOnce application?

Sign using a certificateGo to the project properties window (right-click the project node in Solution Explorer and select Properties). On the Signing tab, select the Sign the ClickOnce manifests check box. Click the Select from Store button.

How do I enable sign the ClickOnce manifest?

To enable ClickOnce security settings With a project selected in Solution Explorer, on the Project menu, click Properties. Click the Security tab. Select the Enable ClickOnce Security Settings check box.

How do I sign a Visual Studio application?

You sign an application or component by using the Signing tab of the project properties window (right-click the project node in Solution Explorer and select Properties). Select the Signing tab, then select the Sign the assembly check box.


1 Answers

I recently went through this process. A certificate is not that expensive - we got a code-signing certificate for less than a $100.

After you have the certificate, follow the FAQ HOWTO: Code signing how-to* to sign your code (binaries).

After that, you have to go to project properties -> Signing and upload your certificate there as well (it's for ClickOnce). You can skip code signing though and sign ClickOnce only.

ClickOnce requires a certificate for code signing, and others will not work, see ClickOnce Deployment and Authenticode:

For ClickOnce applications, you must have an Authenticode certificate that is valid for code signing; if you attempt to sign a ClickOnce application with another type of certificate, such as a digital e-mail certificate, it will not work.

Jan'18 UPDATE: StartSSL is not trusted anymore, and I did NOT find any free (or similar to what StartSSL was offering) code signing certificates. At the end of the day, I went with ksoftware.net - $84/year for Comodo code-signing certificate (but you need to have DUNS record available for them to check!)

like image 65
avs099 Avatar answered Sep 22 '22 17:09

avs099