How your public-key certificate gets to the end user
When an application is defined as signed and the end user downloads a signed configuration or component cabinet file (each of which contains your public-key certificate), WebClient on the end user's machine:
1. Extracts the digital signature and your public-key certificate from the cabinet file.
2. Verifies the digital signature of the cabinet file, using your public-key certificate.
3. Also verifies your public-key certificate through its issuer's root public-key certificate. The issuer's root public-key certificate can be obtained from the cabinet file itself or from the certificate store used by Microsoft Internet Explorer.
4. Displays the information on the certificate and asks whether the end user trusts it.
Note: If the end user says no, the process aborts.
5. Optionally stores your public-key certificate in the digital certificate store of Internet Explorer.