none
Windows 8 shows the "Unknown Publisher" security warning after clicking the shortcut to a .NET 4.0 ClickOnce App with signed manifest and signed EXE file.

    Question

  • Hello, I have made a ClickOnce Full trust application with VS2010 and .NET 4.0 Client Profile. The application manifest and even the EXE file is signed with a valid publisher certificate.

    The publisher is recognized and the certificate chain is accepted during install. A Medium-risk dialog is shown (because of the Full trust) and program shortcuts are created. Everything is ok.

    After clicking the program shortcut in Windows 8 the certificate is no more recognized. Just like the EXE file would not be signed. A warning prompt is shown saying the ...exe is from an Unknown Publisher and it would be a security risk to continue.

    In Windows XP and 7 there is no such issue.

    Googling for "ClickOnce Trust Manager indicates an unknown publisher in security warning" I have found the following article:
    http://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCQQFjAA&url=http%3A%2F%2F202.173.11.96%2Fdo%2Fdratekxtrans%2Fhttpecd_cssgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D237569&ei=fCipUJr2EMXh4QSKgoHIAw&usg=AFQjCNEigvd5l2QPGS8fIQVdHRik1fXaow

    If it is a bug in Windows 8? When it will be fixed?
    Does ClickOnce in Windows 8 accept no more certificates with the hash algorithm SHA1 but the stronger SHA2?
    How can I discard showing the warning message not involving end users into this process in Windows 8?


    I have a valid SHA1 Codesign certificate.

    thanks for your help



    polo

    Sunday, November 18, 2012 6:58 PM

All replies

  • what is the value of <dsig:DigestMethod Algorithm=" in your application manifest? What is the actual length of the hash?



    Visual C++ MVP

    Tuesday, December 04, 2012 2:06 AM
  • Hi.

    I have the exact same problem, signature of click once works fine in XP and Win7 but Windows 8 brings up the message "Unknown Publisher". 

    Here is the DigestMethod Algorithm value from me: 

    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <dsig:DigestValue>YM2BS8V8nep6YENzEohtRezyY3c=</dsig:DigestValue>

    I hope someone can shed a light on this.

    Regards. 

    Sigtryggur.

    Wednesday, December 12, 2012 10:16 AM