Failed to sign bin\Debug\app.publish\setup.exe. SignTool Error: No certificates were found that met all of the given criteria.

The error is related with *.pfx file that is used in ClickOnce based deployment. All ClickOnce apps must have their clickonce manifests digitally signed by a certificate.

It's a security feature that allows your users to verify that any updates really originated from the publisher of the version you installed before. This is a basic property of Public Key encryption. On top of that you can have your certificate authorized by a trusted peer so that the details of the publisher supplied are also verified. (Having the same publisher as before doesn't have to mean the original information about the publisher is correct. That's the advantage of a bought one.)

So summary:

1. No certificate puts your users at a gamble where the software came from.
2. Self-signed certificates give the user certainty that updates at least came from the same publisher as their original install. But still don't know where this original came from.
3. Purchased certificates give users a degree of certainty that the information about the publisher is verified by a 3rd (and trusted) party. As well as any following updates.

--------------------------------------分割线---------------------------------------

Simply uncheck the Sign the ClickOnce manifests option to turn off it, the error gone.

 

参考链接：

https://www.codeproject.com/questions/232705/what-is-temporarykey-pfx

http://stackoverflow.com/questions/8955332/what-is-signing-clickonce-manifests-for

https://social.msdn.microsoft.com/Forums/onedrive/en-US/b1e51916-471e-440c-a0f4-cec8f04e9f68/failed-to-sign-bindebugapppublishsetupexe-signtool-error-no-certificates-were-found-that-met?forum=winformssetup