question

Daliborarapi-4647 avatar image
0 Votes"
Daliborarapi-4647 asked DanielZhang-MSFT commented

ClickOnce signed application - Unknown publisher when installing

I have a ClickOnce application (.NET Framework 4.7.2) which is signed with a code signing certificate.
Only the ClickOnce is signed (.manifest and .application) and not the executable ('Sign the assembly' is not checked in project settings, only 'Sign the ClickOnceManifests' is enabled).
I publish the application using the VS2019 Publish Wizard to a temp folder.
When I double-click on the .application file I get the click-once installation dialog which states:
Publisher cannot be verified
Publisher: Unknown Publisher

I've checked the following:
1. The root certificate is in Trusted Root Certification Authorities store (I've tried both in User and Machine store)
2. I've tried placing the code-signing certificate (just the public key) in Trusted Publishers store (I've tried both in User and Machine store)

I do not know what else to do here.
What could be the problem?

Using Windows 10 version 2004 (OS Build 19041.630).




dotnet-standard
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DanielZhang-MSFT avatar image
0 Votes"
DanielZhang-MSFT answered DanielZhang-MSFT rolled back

Hi Daliborarapi-4647,
I suggest you sign the application with test certificate to check if it is your certificate problem.
And I just sign the ClickOnce manifests via "Create Test Certificate..." and install certificate to "Trusted Root Certification Authorities".
When installing the ClickOnce, the result is as follows:
43945-12111.png
So maybe the problem is on your certificate.
To change "unknown publisher" to an actualy publisher, you have to get a signing certificate from a trusted source.
You can obtain a certificate for code signing in one of three ways:
1.Purchase one from a certificate vendor.
2.Receive one from a group in your organization responsible for creating digital certificates.
3.Generate your own certificate by using the New-SelfSignedCertificate PowerShell cmdlet, or by using MakeCert.exe, which is included with the Windows Software Development Kit (SDK).
More details you can refer to these documents.
ClickOnce and Authenticode
Configuring ClickOnce Trusted Publishers
Best Regards,
Daniel Zhang


If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



12111.png (6.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Daliborarapi-4647 avatar image
0 Votes"
Daliborarapi-4647 answered DanielZhang-MSFT commented

Hi Daniel,
Thanks for helping. We already use the same certificate for signing a UWP application and there it works just fine.
I would like to point out that the scenario is different as you are installing the same certificate you are using for signing to the "Trusted Root Certification Authorities". With our certificate the root certificate is within the "Trusted Root Certification Authorities".
Nevertheless we are going to try it out.

Thank you.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @Daliborarapi-4647 ,
In order to rule out the cause of the certificate, I suggest you check it with a test certificate.
And please let me know if there is new progress.
Best Regards,
Daniel Zhang

0 Votes 0 ·