Sign application with a certificate in ClickOnce deployment


For my Windows-based application, I would like to use ClickOnce as the deployment technology. My application will be distributed via the Internet.

In the article ClickOnce and Authenticode, I read that:

For ClickOnce applications, you must have an Authenticode certificate
that is valid for code signing. You can obtain a certificate for code
signing in one of three ways:

  1. Purchase one from a certificate vendor.

  2. Receive one from a group in your organization responsible for creating
    digital certificates.

  3. Generate your own certificate with MakeCert.exe, which is included
    with the Windows Software Development Kit (SDK).

In my case, number 2 is not applicable.

As I read a few rows later:

By default, ClickOnce applications signed with self-certs and deployed
over the Internet
cannot utilize Trusted Application Deployment.

(Emphasis mine.)

I cannot understand the meaning of this by default. Is the option #3 possible or not in my case?

And then, to understand all the possibilities, what does the #1 imply ? (“Purchase one from a certificate vendor”) What kind of certificate should I buy? Which certificate authority can be recommended? Depending on what I should choose? How much does a certificate cost?


It must be a “Microsoft Authenticode Certificate”. It allows us to sign all kinds of Windows executables and code, including .exe, .cab, .dll, .ocx, and .xpi files.

It is not mandatory to sign an application, but if we do it our users won’t see a warning message stating that the author of the software is unknown.

Microsoft Authenticode Certificates need to be issued by a trusted certificate authority. Unfortunately, the prices are quite expensive. More information and some examples
are on page Microsoft Authenticode Certificates.

UPDATE I purchased the certificate through KSoftware, which is a Comodo retailer. The price is quite good compared to alternatives: $95/year. The process is faster than I expected: I applied in the morning and in the evening my certificate was already available. (For those interested, I followed this step-by-step guide.)

Answered By – Dev

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published