How to set 'Publisher' in a .NET ClickOnce application

You either need a certificate issued by a trusted source (e.g. Versign), or the user needs to install your certificate into their trusted certificates storage before installing your application.


Have a look at this article on the subject:

  • A certificate generated using the MakeCert.exe utility is commonly called a "self-cert" or a "test cert". This kind of certificate works much the same way that a .snk file works in the .NET Framework: it consists solely of a public/private cryptographic key pair, and contains no verifiable information about the publisher. You can use self-certs to deploy ClickOnce applications with high trust on an intranet; however, when these applications run on a client computer, ClickOnce will identify them as coming from an "Unknown Publisher." By default, ClickOnce applications signed with self-certs and deployed over the Internet cannot utilize Trusted Application Deployment.

  • By contrast, if you receive a certificate from a CA—such as a certificate vendor, or a department within your enterprise—the certificate offers more security for your users. It not only identifies the publisher of the signed software, but it verifies that identity by checking with the CA that signed it. If the CA is not the root authority, Authenticode will also "chain" back to the root authority to verify that the CA is authorized to issue certificates. For greater security, you should use a certificate issued by a CA whenever possible.