Specify the certificate you want to use to sign the ClickOnce manifests (.application and .manifest files).
Sign ClickOnce Manifests
Uncheck to turn off manifest signing. By default ClickOnce manifests are signed so that they cannot be tampered with after creation. It is recommended to check this box unless you are comfortable with the security implications of unchecking it.
This field supports macro replacement. See Macros for more details.
A .pfx or .p12 certificate file that will be used to sign the ClickOnce manifest files (.application and .manifest files).
In order to avoid users seeing a "Security Warning" dialog when installing your application you will need to ensure that the certificate is configured in the Trusted Publishers certificate store on the user's machine and that the certificate authority that issued the certificate is configured in the Trusted Root Certificate Authority certificate store on the user's machine.
See this Microsoft page for more details: http://msdn.microsoft.com/en-us/library/ms996418.aspx
If your certificate is password protected, enter the password here.
Certificate Timestamp URL
Specify the URL of a service that will time stamp your manifest during the publishing process. When a published application's certificate expires, the time stamp service can be called upon by the client to verify whether the application was signed while the certificate was still valid and is needed to utilize the TAD features. VeriSign, Inc. is an example of a CA that provides this kind of service.