visual-studio, clickonce, code-signing, sha256, code-signing-certificate

ClickOnce signing code with SHA1 when using SHA384


I renewed my signing certificate and found out that it's SHA384; this certificate signs my ClickOnce project as SHA1. I contacted Sectigo and they just told me that they don't provide SHA256 anymore.

According to the Sectigo FAQs, I can request the timestamp as SHA256, but when I do, Visual Studio 2019 says "An unexpected internal error has occurred". Whether I request the timestamp with 384 or don't use a timestamp server, the outcome is the same: signed as SHA1.

I have been looking for days and just can't find a way to solve this problem.


Solution

  • If you sign your ClickOnce deployment with a SHA384 code signing certificate in any Visual Studio version prior to VS 2022, then the signed ClickOnce deployment will have the "unknown publisher" problem, due to a bug in mage.exe.

    mage.exe has been fixed in Visual Studio 2022. I upgraded to VS 2022 17.3 and the deployment is now signed correctly using my new SHA384 code signing certificate.

    Research regarding this problem brought me to issue 6732 from the MS developer team and it was marked as fixed in milestone VS17 which is VS 2022. Therefore, I don't think that MS will fix it for older versions of Visual Studio. https://github.com/dotnet/msbuild/issues/6732
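To confirm which hash a signed deployment actually ended up with, you can read the algorithm URIs from the XML signature embedded in the ClickOnce manifest. The following is an added example, not part of the original answer or of any Microsoft tooling; the sample manifest is constructed and heavily trimmed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed, heavily trimmed stand-in for a signed ClickOnce manifest.
SAMPLE_MANIFEST = """<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      </Reference>
    </SignedInfo>
  </Signature>
</asmv1:assembly>"""

def hash_name(uri):
    """Map an XMLDSig algorithm URI to a hash name using the URI's final token."""
    tail = uri.rsplit("#", 1)[-1].lower()  # e.g. "rsa-sha1", "sha256"
    for name in ("sha512", "sha384", "sha256", "sha1"):
        if tail.endswith(name):
            return name.upper()
    return "UNKNOWN"

def signature_hashes(manifest_xml):
    """Return one dict per <Signature>: its signature hash and its reference digests."""
    report = []
    for sig in ET.fromstring(manifest_xml).iter(DSIG + "Signature"):
        info = sig.find(DSIG + "SignedInfo")
        if info is None:
            continue
        method = info.find(DSIG + "SignatureMethod")
        report.append({
            "signature": hash_name(method.get("Algorithm", "")) if method is not None else "UNKNOWN",
            "digests": [hash_name(d.get("Algorithm", "")) for d in info.iter(DSIG + "DigestMethod")],
        })
    return report

def uses_sha1(manifest_xml):
    """True if any signature or reference digest in the manifest is SHA1."""
    return any(r["signature"] == "SHA1" or "SHA1" in r["digests"]
               for r in signature_hashes(manifest_xml))

if __name__ == "__main__":
    for entry in signature_hashes(SAMPLE_MANIFEST):
        print(entry)
    print("SHA1 in use:", uses_sha1(SAMPLE_MANIFEST))
```

To check a real deployment, pass the text of the published `.application` or `.manifest` file to `signature_hashes` in place of the sample.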