Cannot sign Click Once manifest via VS options or using signtool

Add-in Express™ Support Service
That's what is more important than anything else

Cannot sign Click Once manifest via VS options or using signtool
 
SimonKravis




Posts: 17
Joined: 2013-11-25
I have a C# Visual Studio 2013 solution (FindAlike) consisting of a number of projects. One of these projects (SimilarFiles) is a class library, including an AddIn Express component, as it implements an MS Office Add-in. When I publish the project as a ClickOnce installer as a Microsoft Office Add-in, a folder is created in the projects Publish folder with the version number of the project containing many files with extension .deploy. Also in the folder above are a file called findalike.application and one called setup.exe. If I copy the contents of the Publish folder to a new machine I can install the Add-in by clicking on findalike.application, but I receive a warning about an unknown publisher. If I confirm installation it proceeds satisfactorily.

I have a valid code signing certificate purchased from Comodo, which I use successfully with SignTool to sign a Windows Forms self-extracting installer from another project in the solution.

The option to sign the ClickOnce Manifest in the SimilarFiles project is greyed out, presumably because SimilarFiles is a class library project.

I can specify a code signing certificate by right-clicking on the SimilarFiles project and hovering over the Add-in Express entry and then selecting Signing Options, but the warning message still appears when I attempt the installation on a new machine

How can I use the code signing certificate in order to indicate to the ClickOnce installer on the new machine that the manifest is signed?

Signtool does not work on the setup.exe file, stating that it is not a valid Windows executable. Neither does it work on findalike.application
Posted 05 May, 2019 18:04:00 Top
Andrei Smolin


Add-in Express team


Posts: 17125
Joined: 2006-05-11
Hello Simon,

Add-in Express project provides a way to sign it. Right-click the project in Solution Explorer and choose Add-in Express | Publish. In the Publish dialog you specify the certificate and other settings and click Publish. Find details in section Add-in Express ClickOnce Solution, see the PDF file in the folder {Add-in Express}\Docs on your development PC or https://www.add-in-express.com/docs/net-clickonce-solution.php.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 08 May, 2019 08:30:08 Top
SimonKravis




Posts: 17
Joined: 2013-11-25
Thanks Andrei - I did not see the signing options on the Publish screen. If I select my purchased Code Signing certificate and use only SHA-1 encryption it works fine, and the installation proceeds without the warning message. Signing fails if SHA-256 or both SHA-1 and SHA-256 are selected.
Posted 08 May, 2019 20:29:17 Top
Andrei Smolin


Add-in Express team


Posts: 17125
Joined: 2006-05-11
Hello Simon,

Could you please capture a video showing both successful and unsuccessful signing and send it to the support email address? You can use any free video-capturing software available on the web; say, you can use Jingle. As to the support email address, find it in {Add-in Express installation folder}\readme.txt; please make sure your email contains a link to this topic.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 09 May, 2019 01:35:58 Top
Andrei Smolin


Add-in Express team


Posts: 17125
Joined: 2006-05-11
Hello Simon,

Thank you for the screenshots you've sent.

SimonKravis writes:
Signing fails if SHA-256 or both SHA-1 and SHA-256 are selected.


I would like that you capture a video showing what you do: seeing what you do is far better than reading about what you do. Would this be possible?

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 13 May, 2019 09:19:04 Top