Code Signing Tips:
We recently updated our code signing certificate and failed to notice that the new has algorithm was SHA256. No big deal, right?
2012, SHA256 certifcates, and #clickonce
do not play well together. After trying out many SO and TechNet solutions (tons of awesome help from @RobinDotNet by the way) I decided that signing the code outside of Visual Studio would be best. None of the BeforeBuild, AfterCompile, etcs. resulted in fully signed or entirely installable deployments.
I wrote a python script to handle the signing of the application, manifest, and setup files. We parse the .application file as xml to obtain the current 'Application Files' folder version to sign.https://gist.github.com/catodd/88fda7b659fd151773c1