Well, I am not doing anything right, and I need help. Here's what happens:
- I have a βrealβ Authenticode certificate from Comodo that I paid for.
- I am trying to sign and deploy a WPF application written in Visual Studio 2012 and .NET 4.5.
- In the project properties, I checked "Sign the ClickOnce manifest" and selected my certificate.
- I also use Comodo timestamp ( http://timestamp.comodoca.com/authenticode )
- On the Publish tab and in the Prerequisites section, I checked Create an installer to install components of the required components.
When I build and publish, everything works! The setup.exe file is signed with my Comodo certificate, so ok. In addition, the .application file .application signed with a Comodo certificate, and my company name is displayed as a publisher - this is also good.
Here the problem arises: after the application is downloaded to the client, Windows 8 issues a warning about an unreliable program (MyProgram.exe), and the publisher is not my company name. So, everything is signed, except for the actual executable.
I tried to add a post-build script that uses signtool.exe for obj \ Release \ MyProgram.exe, but when I try to install the application, I get an explicit error stating that the hash values ββare not used, t. In other words, a manifest is generated before the post-build event.
How to sign my .exe and maintain the integrity of the ClickOnce manifest? Is there an easy way to do this or do I need to use mage.exe for each file manually (hopefully not)?
wpf clickonce authenticode
Jason williams
source share