I have a ClickOnce application that I built for a client, and I need it to be from a trusted publisher. How do I go about acquiring an Authenticode certificate and sign my application with it? So that when the application is launched, it's from a trusted publisher?
How do I install the certificate? Do I have to install it on my development server or does it matter where I install it?
How does the whole process work? I don't want to spend 3-5 hundred dollars on a certificate, and install something wrong and be out of luck.
Are there good tutorials on purchasing and installing a certificate and signing a ClickOnce application?
Sign using a certificateGo to the project properties window (right-click the project node in Solution Explorer and select Properties). On the Signing tab, select the Sign the ClickOnce manifests check box. Click the Select from Store button.
To enable ClickOnce security settings With a project selected in Solution Explorer, on the Project menu, click Properties. Click the Security tab. Select the Enable ClickOnce Security Settings check box.
You sign an application or component by using the Signing tab of the project properties window (right-click the project node in Solution Explorer and select Properties). Select the Signing tab, then select the Sign the assembly check box.
I recently went through this process. A certificate is not that expensive - we got a code-signing certificate for less than a $100.
After you have the certificate, follow the FAQ HOWTO: Code signing how-to* to sign your code (binaries).
After that, you have to go to project properties -> Signing and upload your certificate there as well (it's for ClickOnce). You can skip code signing though and sign ClickOnce only.
ClickOnce requires a certificate for code signing, and others will not work, see ClickOnce Deployment and Authenticode:
For ClickOnce applications, you must have an Authenticode certificate that is valid for code signing; if you attempt to sign a ClickOnce application with another type of certificate, such as a digital e-mail certificate, it will not work.
Jan'18 UPDATE: StartSSL is not trusted anymore, and I did NOT find any free (or similar to what StartSSL was offering) code signing certificates. At the end of the day, I went with ksoftware.net - $84/year for Comodo code-signing certificate (but you need to have DUNS record available for them to check!)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With