ClickOnce signed application - Unknown publisher when installing

Dalibor Čarapić 1 Reputation point
2020-11-27T11:57:23.68+00:00

I have a ClickOnce application (.NET Framework 4.7.2) which is signed with a code signing certificate.
Only the ClickOnce is signed (.manifest and .application) and not the executable ('Sign the assembly' is not checked in project settings, only 'Sign the ClickOnceManifests' is enabled).
I publish the application using the VS2019 Publish Wizard to a temp folder.
When I double-click on the .application file I get the click-once installation dialog which states:
Publisher cannot be verified
Publisher: Unknown Publisher

I've checked the following:

  1. The root certificate is in Trusted Root Certification Authorities store (I've tried both in User and Machine store)
  2. I've tried placing the code-signing certificate (just the public key) in Trusted Publishers store (I've tried both in User and Machine store)

I do not know what else to do here.
What could be the problem?

Using Windows 10 version 2004 (OS Build 19041.630).

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,346 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daniel Zhang-MSFT 9,611 Reputation points
    2020-12-01T06:11:36.86+00:00

    Hi Daliborarapi-4647,
    I suggest you sign the application with test certificate to check if it is your certificate problem.
    And I just sign the ClickOnce manifests via "Create Test Certificate..." and install certificate to "Trusted Root Certification Authorities".
    When installing the ClickOnce, the result is as follows:
    43945-12111.png
    So maybe the problem is on your certificate.
    To change "unknown publisher" to an actualy publisher, you have to get a signing certificate from a trusted source.
    You can obtain a certificate for code signing in one of three ways:

    1. Purchase one from a certificate vendor.
    2. Receive one from a group in your organization responsible for creating digital certificates.
    3. Generate your own certificate by using the New-SelfSignedCertificate PowerShell cmdlet, or by using MakeCert.exe, which is included with the Windows Software Development Kit (SDK).
      More details you can refer to these documents.
      ClickOnce and Authenticode
      Configuring ClickOnce Trusted Publishers
      Best Regards,
      Daniel Zhang

    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Dalibor Čarapić 1 Reputation point
    2020-12-01T09:33:36.97+00:00

    Hi Daniel,
    Thanks for helping. We already use the same certificate for signing a UWP application and there it works just fine.
    I would like to point out that the scenario is different as you are installing the same certificate you are using for signing to the "Trusted Root Certification Authorities". With our certificate the root certificate is within the "Trusted Root Certification Authorities".
    Nevertheless we are going to try it out.

    Thank you.