Set up eSigner CKA
Download eSigner CKA from SSL.com and install the application.
For a complete guide on how to install eSigner CKA and use it to load your EV code signing certificate on the User Certificate store, head over to this guide: How to Automate EV Code Signing With Signtool.exe or Certutil.exe Using eSigner CKA (Cloud Key Adapter).
The following subsections are important snippets from the guide.
Choose Automated Code Signing
Choosing Automated Code Signing during the installation mode will prevent Visual Studio from asking multiple times for the OTP if you have multiple files to sign. Click this link to read the section of the guide explaining how to install eSigner CKA for automated code signing.
After installing eSigner CKA, login to the program with your SSL.com account credentials.
Place your Time-based One-Time Password (TOTP)
You can find your TOTP included in the EV Code Signing certificate order details on your SSL.com account. Type in the 4-digit PIN that you have previously set when you enrolled your order for eSigner and then click the Show QR Code button to reveal the TOTP.
Your TOTP will be shown on a box labeled secret code. Copy the TOTP, paste it on the TOTP Secret field of eSigner CKA window and then click the OK button to save it.
After putting in your SSL.com account credentials and TOTP, you will be able to view the details of your EV Code Signing certificate. In case you decide to update your TOTP, paste the new TOTP on the allotted field and then click Save.
Check your EV Code Signing Certificate in the User Certificate Store
Upon installing eSigner CKA and adding your EV Code Signing certificate to the User Certificate store, you will be able to check your EV Code Signing certificate by pressing Windows key + R and then type in certmgr.msc to access the User Certificate store. When the certificate manager window pops up, click the Personal folder on the left panel and then select the Certificates subfolder on the right to locate your EV Code Signing certificate.
Run Visual Studio 2022
Open your project on Visual Studio and hover to the Solution Explorer window.
Click the Demo tab and choose the Publish option.
When the window for publishing locations appears, choose ClickOnce and then click Next.
Confirm the location for publishing and click Next.
Keep on clicking Next for Install Location and Settings
Once you reach the Sign manifests stage, click the check box for Sign the ClickOnce manifests option and then click Select from store.
Choose the correct EV code signing certificate that you have loaded on the User Certificate Store using eSigner CKA.
You can also check if the serial number of the certificate matches the one on eSigner CKA by clicking on the certificate properties and Details tab.
Upon making sure that you have selected the right certificate, click Next and then, Finish.
Ready to Publish
Visual Studio will then notify you that the file is ready to be published to ClickOnce. Click the Publish button.
Several seconds after clicking the Publish button, Visual Studio 2022 will notify you if the files have been successfully code-signed and published.
Check the Digital Signatures on the Signed Files
You can then proceed to the location of the files that have been code-signed and check for the details of their digital signatures.
Right-click each file. Click Properties. Click the Digital Signatures tab. And then click the Details button to view the details of the EV code signing certificate.