VSTO 'ClickOnce manifests' signing using Code Signing ECC SHA384

Question

I have a PowerPoint VSTO/C# project that is using the Visual Studio signing capability. The project was using the Sha256 code signing certificate and was working correctly.

I was able to select the correct signature in the Visual Studio signing tab by clicking on 'Select from Store...'.

Recently I renewed the certificate to DigiCert Global G3 Code Signing ECC SHA384 2021 CA1. Since then, Visual Studio is not able to select my signature.

When I click on 'Select from Store...", I am getting the message:

No certificates available. No certificates meet the application.

I am using Visual Studio 2019 16.11.5.

Is this a limitation of Visual Studio? If yes, is there a possibility to run a post build tool manually to perform the same operation?

Answer 1

The certificate authority informed us that since jun 2023 the sha256 is no longer available.
Strange thing is that the signtool does support the certificate.

Answer 2

You need to use RSA 256, I also bought an Code signing cert that is ECC and it isn't supported

Answer 3

I had the similar problem and asked about it there: https://developercommunity.visualstudio.com/t/Visual-studio-doesnt-detect-digicert-co/10135932?port=1025&fsid=d5a2dbf9-137f-411b-aec3-06d687a8d0cf&entry=problem. Mage tool used by Visual Studio to sing ClickOnce manifests doesn't support ecc public keys. Also I'm not sure if Mage tool supports sha384.