How is everyone else doing this?
We were previously signing our code using EVCS + hardware token (Yubikey) via SSL.com but have recently had alot of issues. It now appears as though this is no longer supported: https://www.ssl.com/blogs/new-minimum-rsa-key-size-for-code-signing-certificates/
As an interim solution we are using their eSigner solution but have found it very expensive, not transparent and with dubious billing practices.
What is the current best practice for signing ClickOnce deployment using Visual Studio? How is everyone else signing their applications? Is there a better alternative?
In the problem I'm having, many people now use sha384 code signing certificates.
However, if you use it before vs2022, it seems that there will be some problems, see this case for details.
For ev code signing maybe you can try this article.
Rhom's Update: I have an open ticket and more detailed explanation of the issue here