It's not too difficult, and requires a number of steps.
Solution: After trolling through a lot of resources, and actually doing this successfully, below are the steps required to install a .pfx certificate into a Visual Studio project:
1. Firstly, you have to use Firefox when doing anything with Comodo.com (Sectigo.com) or any other certificate store. (When speaking with Comodo/Sectigo tech support, if you used a browser other than Firefox, the response will be "that is the problem.")
2. If you already requested (purchased) a signed certificate from Comodo or another certificate store using another browser, then you need to log into that store using Firefox, and request a "replace" or "reset" of the signed certificate they authorized. (They will then validate it and bundle it into a new .zip file for download.)
3. It may take anywhere from 5 minutes to an hour for your certificate to be verified by Comodo/Sectigo, after which you will receive an e-mail to "collect" your certificate.
4. After you collect the certified certificate using Firefox, it will be stored in the Certificate list within Firefox.
5. Open Firefox-->Options-->Advanced-->Certificates
6. Select the certificate you just collected from Comodo/Sectigo
7. Select Export and then Backup, and then enter a password (save the password -- WRITE THIS PASSWORD DOWN, OR SAVE IN AN ENCRYPTED FILE/FOLDER, SINCE THIS PASSWORD IS THE MAIN AND ONLY PASSWORD THAT MUST BE ENTERED INTO VISUAL STUDIO WHEN IT ASKS FOR A PASSWORD WHEN SETTING UP CODE-SIGNING). Using Backup in Firefox will bundle together the private key and the certificate (the private key happens to be the private key you requested the certificate with at Comodo via Firefox).
8. After exporting the certificate, there will be a "certname.pfx" file. I like to copy the .pfx file to the folder containing the Visual Studio solution you want to add the certificate to.
9. In Visual Studio (2015), go to Project Properties-->Signing, and (a) add the .pfx certificate first to the "Sign the ClickOnce Manifests" (top of tab), and then (b) second add the .pfx to the "Sign the assembly" (bottom of tab), and enter the password from Step 7. (If you don't follow this order you won't be successful.)
10. You are now done, and your compiled assembly will be protected with a signed certificate.
Note that if you are obfuscating your assembly, you will need to add a post-build command to use Windows signtool.exe, which resides in C:\Program Files (x86)\Windows Kits\10\bin\x86 if you installed the SDK for Visual Studio. Search on "post-build signtool.exe". (Note there is a 32-bit and a 64-bit signtool.exe, in folders x86 and x64. We have learned to use the 32-bit version, since we commonly compile to AnyCPU.)
MAJOR POINT
YOU ALWAYS HAVE TO BE ONLINE WHEN COMPILING A RELEASE VERSION OF A VISUAL STUDIO ASSEMBLY THAT CONTAINS COMODO/SECTIGO KEY SIGNING, SINCE THE KEY CALLS THE SERVER FOR VERIFICATION AT BUILD TIME. THIS IS WHY BUILDING A RELEASE WITH COMODO KEY SIGNING WITHOUT AN INTERNET CONNECTION ALWAYS THROWS A MYSTERIOUS FAILURE ERROR MESSAGE -- IT'S BECAUSE YOU WEREN'T ONLINE DURING THE BUILD PROCESS.
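For the post-build signing mentioned in the note on obfuscated assemblies, a script along these lines can be called from the post-build event. This is an added example, not part of the original post; it assumes the script sits next to certname.pfx, that the export password is supplied in an environment variable named PFX_PASSWORD (a hypothetical name), and that the placeholder timestamp URL is replaced with your CA's timestamp server.

```powershell
# sign.ps1 -- added example, not from the original post.
# Post-build event (Project Properties --> Build Events), on one line:
#   powershell -NoProfile -File "$(ProjectDir)sign.ps1" -Target "$(TargetPath)"
# Assumptions: certname.pfx is in the same folder as this script, the .pfx export
# password is in the environment variable PFX_PASSWORD (hypothetical name), and
# the timestamp URL is a placeholder to be replaced with your CA's server.
param(
    [Parameter(Mandatory = $true)][string]$Target,
    [string]$Pfx = (Join-Path $PSScriptRoot 'certname.pfx'),
    [string]$TimestampUrl = 'http://timestamp.example.invalid'   # placeholder
)

$ErrorActionPreference = 'Stop'

# 32-bit signtool.exe from the Windows SDK, at the path given in the note above
$signtool = 'C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe'
if (-not (Test-Path $signtool)) { throw "signtool.exe not found at $signtool" }
if (-not (Test-Path $Pfx))      { throw "Certificate file not found: $Pfx" }
if (-not (Test-Path $Target))   { throw "Nothing to sign: $Target" }

# Keep the .pfx password out of the project file and out of source control
$password = $env:PFX_PASSWORD
if ([string]::IsNullOrEmpty($password)) { throw 'PFX_PASSWORD is not set' }

# Sign the built (and, if applicable, already obfuscated) assembly with a
# SHA-256 file digest and an RFC 3161 timestamp
& $signtool sign /f $Pfx /p $password /fd SHA256 /tr $TimestampUrl /td SHA256 $Target
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Verify with the default Authenticode policy so a bad signature fails the build
& $signtool verify /pa $Target
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE" }

Write-Host "Signed and verified: $Target"
```

The obfuscation step has to run before this script in the post-build event, since changing the assembly after signing invalidates the signature.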