We have used a certificate from StartCom for the last 1.5 years. As of January 2016, our certificate is not accepted anymore by Microsoft - I supposed because it was signed with a sha1 fingerprint. That means all people trying to install/update our application got a Windows UAC prompt.

Anyway, we have just bought a new one which is signed with sha256 and I thought everything should be fine now. But the prompt does not disappear anymore.

I checked both setup.exe and OurApplication.exe (in Application Files) of the click-once application. They both show the same certificate, that is:

Publisher Information : CN=Anonyme, O=Anonyme, L=Place, S=State, C=US
Valid From: 28.01.2016 00:00:00
Valid To: 28.01.2018 00:00:00
Issued By: CN=StartCom Class 2 Object CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL

Everything looks okay to me from the client side.

  • Are there ways to make sure I have not made any mistake when signing the exe's? I have used signtool.exe so far to print out the status of both executables (setup.exe and OurApplication.exe). It never complained.
  • Does it take time until the application runs without a prompt? Is there any way to influence that? Obviously, I don't want to risk that all users get prompted at the next update, that's why I was using the application from another URL (beta location).
andreas
  • With ClickOnce you don't just sign the executable - you have to publish the package which in turn signs the package manifests. Have you republished using the new cert? – slugster Jan 29 '16 at 01:18
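
The comment above points out that ClickOnce signs the package manifests at publish time, separately from the executables. As an added example (not part of the original thread), this Python sketch inspects a manifest's XML signature and reports whether it is present and which hash it uses; it assumes the manifest embeds a standard XML-DSig `Signature` element, and the sample manifest and the names `audit_manifest` and `SAMPLE_SIGNED` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace

def hash_name(uri):
    """Name the hash in an XML-DSig algorithm URI, judged by its suffix."""
    tail = (uri or "").rsplit("#", 1)[-1].lower()
    known = ("sha512", "sha384", "sha256", "sha1")
    return next((h for h in known if tail.endswith(h)), "unknown")

def audit_manifest(xml_text):
    """Report whether a ClickOnce manifest is signed and with which hashes.

    Structural check only: it does not validate the signature or the chain.
    """
    root = ET.fromstring(xml_text)
    sig = root.find(f".//{DSIG}Signature")  # first match is the outer signature
    if sig is None:
        return {"signed": False, "signature_hash": None, "digest_hashes": [],
                "has_certificate": False, "findings": ["manifest is not signed"]}
    method = sig.find(f"{DSIG}SignedInfo/{DSIG}SignatureMethod")
    digests = sig.findall(f"{DSIG}SignedInfo/{DSIG}Reference/{DSIG}DigestMethod")
    sig_hash = hash_name(method.get("Algorithm")) if method is not None else "unknown"
    digest_hashes = sorted({hash_name(d.get("Algorithm")) for d in digests})
    has_cert = sig.find(f".//{DSIG}X509Certificate") is not None
    findings = []
    if "sha1" in {sig_hash, *digest_hashes}:
        findings.append("SHA-1 used in manifest signature")
    if not has_cert:
        findings.append("no X509Certificate embedded in signature")
    return {"signed": True, "signature_hash": sig_hash, "digest_hashes": digest_hashes,
            "has_certificate": has_cert, "findings": findings}

# Constructed sample: a minimal deployment manifest, not taken from the thread.
SAMPLE_SIGNED = """<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1">
  <asmv1:assemblyIdentity name="OurApplication.application" version="1.0.0.0"/>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256"/>
      <Reference URI="">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256"/>
      </Reference>
    </SignedInfo>
    <KeyInfo><X509Data><X509Certificate>CONSTRUCTED</X509Certificate></X509Data></KeyInfo>
  </Signature>
</asmv1:assembly>"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_SIGNED))
```

Run it against both the `.application` deployment manifest and the `.exe.manifest` application manifest after republishing; a full validity check still needs the platform's own signature verification.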

1 Answer

I don't know why, but one day later the application did not make the UAC prompt anymore. I suppose it just takes some time until Microsoft has collected enough data about the application and its certificate.

The issue is resolved.

andreas