question

StavrosDimopoulos-6401 avatar image
0 Votes"
StavrosDimopoulos-6401 asked VincentMoreau-2106 answered

ClickOnce signing: Is it possible only with SHA256 certificate?

I want to sign a ClickOnce application but I cannot make it work, I always get a warning or an error that prevents installation.

I've read some old articles that said that I need both SHA-1 and SHA256 certificates in order to sign a ClickOnce application.
It worked fine for a long time but I cannot make it work any more.

  1. SHA1 certificates are deprecated
    https://docs.microsoft.com/en-us/sysinternals/announce/sha1deprecation

  2. It is difficult to get a SHA-1 from my EV Code Signing Certificate Provider

Is it possible to use ClickOnce nowadays or should I use another installer and rewrite my application?

windows-10-application-compatibility
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

5 Answers

sylviachen-MSFT avatar image
0 Votes"
sylviachen-MSFT answered

You have posted in the windows 10 application compatibility forum, since your issue is related to “ClickOnce and Setup & Deployment Projects”. I suggest you ask at the dedicated windows forms forum over here:

https://docs.microsoft.com/en-us/answers/topics/windows-forms.html?page=1&pageSize=15&sort=active&filter=all

Best regards,
sylvia


5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

sylviachen-MSFT avatar image
0 Votes"
sylviachen-MSFT answered

Just to check if the above reply could be of help, if yes, you may mark useful reply as answer, if not, welcome to feedback.


Best regards,
Sylvia

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyNakamura-7969 avatar image
0 Votes"
AndyNakamura-7969 answered

The clickonce forum has been shut down. Users are told to post here.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

WithinRafael avatar image
0 Votes"
WithinRafael answered WithinRafael edited

Signtool no longer supports signing of ClickOnce manifests; use Mage instead. However, you may soon hit another problem -- you can't interact with Hardware Security Modules (HSMs) to sign ClickOnce manifests. (HSMs are typically your only option when dealing with EV certificates these days.)

Your best option is to migrate away from ClickOnce. (Sorry.)


5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VincentMoreau-2106 avatar image
0 Votes"
VincentMoreau-2106 answered

@WithinRafael (HSMs) are not supported since .net 4.7 to sign clickonce manifest as documented here

I just bring back this thread as I had issue with a new certificate and investigating EV.


5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.