We ran into a little bit of trouble while installing our apllication throug ClickOnce.
We own a Verisign Certificate which we use to sign the ClickOnce installer, using the option in VisualStudio. This is working as intended as during the first installation of the application, Windows asks if we are sure to install, but but shows our company as the publisher as intended in the certificate.
However the installed files are not signed. On some of our customer machines, after this first security check, windows throws another warning, regarding the name of the installed apllication-exe, saying the publisher is unknown.
We tried to sign the exe-files in question in the opt-folder throug a postbuld command, which is indeed signing them, but the clickonce installation fails after that, claiming the hash of the file is different from the hash in the manifest.
What is the correct approach to sign ALL exe and dll files in a ClickOnce installaion?
Is this a WPF application? If so, it has a different set of targets and execution order than forms applications, which requires you to use the AfterCompile command rather than the PostBuild command. See RobinDotNet's blog post on this topic for more information on this.