Signing Click Once Aplication Assymbly with Visual Studio 2012

Question

I'd like to deploy a Visual Studio 2012 project with the Click-Once technology from Microsoft. For developing I use a Windows 7 Machine and run Visual Studio as a normal User (not as root). For deploying I use Visual Studio 2012 as well.

My Problem is that when Users execute the Click Once Deployment File, the Security Software on the PC will mark my Software as unknown and ask the user for stopping the Execution. To avoid that I have ordered a Trustcenter Cerificate and Used it for Signing the Click Once Deployment File, which worked quite well. Until the point during the installing process where it downloads the assemblies. Visual Studio has as well an Option for signing the Assembly, but at first it has given an import error. After I had fixed that it gave me during the compiling process an error, it could not sign the assemblies. Therefore I used the post-build-option. There I inserted a signtool command, which worked pretty well. But when it comes to deploying, the signature got lost.

I've already called Trustcenter Support three times and they said to me after an analysis of the Certificate that this looks quite good. But when I want to import that into Visual Studio due the Assembly Signing Option, Visual Studio alerts, that is not able to find the Certificate.

Does anyone have an idea, how it is possible to deploy Click Once Applications with signed Assemblies? (Best case with Visual Studio 2012)

Best greetings,
Clemens

Answer 1

Well I sovled the problem after few more hours of try-error-methode. Basically the "Export all Certificates in a Path" Option shouldn't be set(Like Trustcenter support told me). Without this Option I've got an Error from Visual Studio, which could be solved with some OpenSSL Commands:
openssl pkcs12 -in cert.pfx -out backup.key
openssl pkcs12 -export -out out.pfx -keysig -in backup.key
The out.pfx can be used without problems.