使用/debug，当您得到这条消息“After Private Key filter, 0 certs were left.”时，一个原因可能是pfx文件没有私钥。 当您将已安装的证书导出到pfx文件时，请确保启用复选框还包括私钥。

标准包括帐户名(与之关联的私钥)、域、公司、到期日期、预期用途等等。

导致这个错误的原因有很多，其中一些已经列出了。这里还有一个提示:在导入证书时，请确保使用从证书颁发机构(CA)接收的原始文件，否则可能会丢失一些属性。

示例:最近，我试图导入从同一台机器上的另一个帐户导出的证书。证书对我的帐户可见，但没有与我的帐户相关联，因此signtool在没有明确提供文件名和密码的情况下拒绝识别它。当作为构建过程的一部分并显式地写入批处理文件或源文件时，可能不够安全。(导入ca颁发的原始证书就解决了这个问题。)

我有这个问题，我不完全确定下面的哪一步使它工作，但希望这有助于其他人…这就是我所做的:

Install the downloaded certificate (.crt) into certificates (I put it into “personal” store) - right click on .crt file and click Install Certificate. Run certmgr.msc and export the certificate (found in whichever store you used in the 1st step) as a pfx file including private key and extended properties Use the exported .pfx file when signing your project Example signtool: signtool sign /f "c:\mycert.pfx" /p mypassword /d "description" /t http://timestamp.verisign.com/scripts/timstamp.dll $(TargetPath) where the password is the same as provided during Export

只要取消项目属性中签名选项卡中的“Sign the click once manifest”，它就会删除错误，你可以从那里创建一个新的。

如果你不需要签署应用程序，右键单击你的项目

项目属性->签名->取消勾选“签署ClickOnce清单”

正如这篇文章所指出的，

如果你使用的是Visual Studio 2008，目标是。net 3.5并使用自动更新，你只需更改证书并部署一个新版本，

我有同样的“私钥过滤后，0 certs被留下”的消息，我花了太多的时间试图弄清楚这条消息的意思。

问题是我在Windows证书存储中错误地安装了证书，因此没有与代码签名证书相关联的私钥。

我应该做的是:

Using either Firefox or Internet Explorer, submit the request to the issuer. This generates a PRIVATE KEY which is stored silently by the browser (a dialog appears for a fraction of a second in Firefox). Note that other browsers may not work: your life is too short to find out if they do. Submit the request, jump through the issuer's validation hoops and loops, sacrifice a goat, pray to the gods, submit a signed statement from your great grandparents, etc. Download the certificate (.crt) and import it into the same browser. The browser now has both the private key and the certificate. Export the certificate from the browser as a Personal Information Exchange (.p12) file. You will be asked to supply a password to protect this file. Keep a backup copy of the .p12 file. Run the Certificate Manager (certmgr.msc), right click on the Personal certificate store, select All Tasks/Import... and import the .p12 file into Windows. You will be asked for the password you used to protect the file. At this point, depending upon your security requirements, you can mark the key as exportable so you can restore a copy from the Windows store. You can also mark that a password is required before use if you want to break batch scripts. Run signtool successfully, breathe a sigh of relief, and ponder how much of your life you have wasted due to bad error messages and poor or missing documentation.