locked
Signed successfully, but "Unknown Publisher" dialog showing RRS feed

  • Question

  • Hello!

     

    I have some trouble with sgning/deploying my ClickOnce project.

     

    I have a Thawte Developer Certificate, with Code Signing option enabled.

     

    VisualStudio (or MSBuild) successfully build, sign, and publish (to network location) my project.

     

    Resulting setup.exe is signed, and ClickOnce manifests are signed successfully.

     

    Thawte root CA certificate imported, and even intermediate CA (Thawte Code Signing CA) certificate is imported too.

     

    But when i run setup.exe, an unfamous dialog "Unknown Publisher" is shown anyway.

     

    Why? Is anywhere some diagnostics, logs, or anything else?

    Tuesday, June 5, 2007 11:04 AM

All replies

  • Can anybody help me?
    Wednesday, June 6, 2007 6:06 AM
  • Try running signtool /pa /v <path to setup.exe>

    Does it say it is successfully verified?
    Thursday, June 7, 2007 4:09 AM
  • Verification of setup.exe:

      

    >signtool verify /pa  setup.exe
     Successfully verified: setup.exe

     

    There are no trouble with checking setup.exe - the dialog shown later, by ClickOnce, not bootstrapper:

    see screenshot http://files.rsdn.ru/4964/hc.png
     

     How i can check signed clickonce manifest?

    Thursday, June 7, 2007 7:02 AM
  • Hi Igor,

    I am struggling with the same problem since days (only on WinXP-PC, not on WinVista-PC). Can you tell me how you solved it?

    Regards

    Ewald

     

    Sunday, October 14, 2007 7:12 AM
  • Hi,
    I have a similar problem with my thawte certificate and a clickonce application.
    Can anyone give me a hint on this?
    Thanks!
    Ageman
    Wednesday, September 24, 2008 10:37 AM
  • Did you check "Sign the ClickOnce manifests" and successfully select a key file?
    Friday, September 26, 2008 2:34 AM
  • Do
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner

    have value?
    Friday, September 26, 2008 5:58 AM
  • I'm exactly having this issue, though it seemed to be working previously.

    The setup.exe is signed and looks great, but once the user gets to launching .application it says unknown publisher. Everything checks out on the Signing tab in VS2010. What's going on?

    Saturday, May 5, 2012 11:19 AM
  • I've discovered that the issue is machine-dependent. From one machine, the publish works perfectly, but on the other one, it doesn't. The latter is a machine with VS11 installed. This might be the issue.
    Saturday, May 5, 2012 1:56 PM
  • We're having the same issue with a ClickOnce deployment signed with a code signing certificate from Thawte.  It builds & publishes successfully, and we can then verify the setup with "signtool verify /pa setup.exe" and the result is "Successfully verified: setup.exe."  So everything seems good, until we try to install it on another PC, and we get the dreaded "Publisher cannot be verified".

    The dialog says "Publisher: Unknown Publisher".  How can we get it to show our company's name as the publisher?

    Note that if we run the install on the dev machine on which it was built & published, we get the "Publisher has been verified" message with the nice check mark.

    Thanks for your help.

    John


    • Edited by teeces Friday, July 6, 2012 6:38 PM
    Friday, July 6, 2012 6:23 PM
  • Thawte publishes intermediate certificates, which don't work with VSTO apps at all. They are supposed to work with regular ClickOnce applications, though. Is your app a VSTO app or a client application?

    The reason it works on the dev machine is because the certificate is installed in the user's certificate store.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev

    Monday, July 9, 2012 5:10 AM
  • Thawte publishes intermediate certificates, which don't work with VSTO apps at all. They are supposed to work with regular ClickOnce applications, though. Is your app a VSTO app or a client application?

    The reason it works on the dev machine is because the certificate is installed in the user's certificate store.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev

    Thanks for the reply.  It is a VSTO add-in for Outlook 2010, built with VS 2010.  Does this mean we need to buy another signing cert from a different company (e.g. Verisign)?  Thanks again!
    Monday, July 9, 2012 12:36 PM
  • Hi,

    The problem is the dialog in VSTO doesn't handle the chaining of intermediate certificates correctly, so they think it doesn't chain up to a trusted publisher. I could explain the whole thing if you really want to know. Here's the Microsoft article about it: http://support.microsoft.com/kb/970682

    You can install the certificate in the user's trusted publisher's store, but I wouldn't do that unless they work for the same company.

    You can also buy another certificate from a company that doesn't create intermediate certificates. Installing a certificate on our customers' computers wasn't an option for us, so I was fortunate that we bought a VeriSign certificate.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev

    Monday, July 9, 2012 6:12 PM
  • Hi,

    The problem is the dialog in VSTO doesn't handle the chaining of intermediate certificates correctly, so they think it doesn't chain up to a trusted publisher. I could explain the whole thing if you really want to know. Here's the Microsoft article about it: http://support.microsoft.com/kb/970682

    You can install the certificate in the user's trusted publisher's store, but I wouldn't do that unless they work for the same company.

    You can also buy another certificate from a company that doesn't create intermediate certificates. Installing a certificate on our customers' computers wasn't an option for us, so I was fortunate that we bought a VeriSign certificate.

    RobinDotNet


    Click here to visit my ClickOnce blog!
    Microsoft MVP, Client App Dev

    Thanks again for your help.  We bought a signing certificate from Verisign and it now works fine.  
    Wednesday, September 12, 2012 8:27 PM
  • What happens on the renewal of a Verisign cert?  Do users have to uninstall and re-install?  Windows 8 installation of a WPF application that isn't trusted is a major pain.  EDIT: Update Verisign said as long as I use the Timestamp server URL in the compile it should renew just fine.

    dan



    Friday, January 25, 2013 6:35 PM