We are creating a Full-Trust XBAP application and it needs to be installed/executed remotely outside of the customer's domain. In order to accomplish this we have purchased a Thawte code-signing certificate. We have used the spc and pvk from Thawte to create the pfx file for code-signing in VS 2008 on our XBAP.
We import the pvx/cert onto each of our users' machines into their Trusted Publishers and Trusted Root Certification Authorities stores as needed to execute a Full-Trust XBAP. However, each user is unable to download/execute the XBAP due to "not granting privileges to the XBAP application", which is indicative of a certificate not being installed.
We are able to resolve this by importing the Thawte Code Signing CA certificate from Thawte's web site onto each user's machine. We need to know if this is the proper method for doing this or if we are missing something with using Thawte code-signing certs for XBAP/ClickOnce applications. Do we have to have this Thawte intermediate cert installed on each machine? Or is there a workaround to get our base pvx/cert to work alone?