This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 79%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKC%3C/text%3E%3C/svg%3E)
I have developed a C# app in VisualStudio and deployed it via ClickOnce. I am now trying to sign all files, including the .application manifest file, with Trusted Signing from Microsoft. However, the publisher is still displayed as "Unknown Publisher" despite signing all exe and dll files. I am using a PowerShell script to apply the Trusted Signing to my files. Can someone guide me on how to properly sign the .application manifest file using Trusted Signing? Any help or recommendations would be highly appreciated!
I am also fully willing to transition to creating a .msi installer if that would apply all the signing properly, but I'm hoping I can make ClickOnce work as it is a far more convenient deployment process.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Kieran Clark ,
Thanks for reaching out.
Unfortunately, as of now trusted signing for clickonce application and manifest files is not supported.
To sign these (on the command line) you have to use mage.exe, see https://learn.microsoft.com/dotnet/framework/tools/mage-exe-manifest-generation-and-editing-tool )
I would suggest you post this idea at the Azure Feedback Portal, which is monitored by the product team for feature enhancements.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
Ok, but from what I can tell, Trusted Signing doesn't give you an actual downloadable cert file so I'm not sure how I can use mage.exe with it. It also seems like the EKU for Trusted Signing isn't set up for code signing.
Can I use the Trusted Signing system to sign code and avoid security warnings and unknown publisher warnings in my installable applications or not?
It's fine if I can't use ClickOnce and have to make an msi installer or something, I'm just trying to get clarity because I've been bashing my head against his for the past few days.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 52%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
@Kieran Clark Trusted Signing only supports file types supported by SignTool: https://learn.microsoft.com/en-us/azure/trusted-signing/faq#what-types-of-files-can-be-signed-with-trusted-signing
So, we don't yet support ClickOnce yet, however, we do support .msi.
Following up on your question in the comment, Trusted Signing certs and EKU are default trusted on supported Windows OS versions. As long as the file types are the ones supported by SignTool.