There are a couple of options available for signing your ClickOnce application:
When the signing options screen appears (which it does whenever you save a manifest file using MageUI.exe), you'll probably be tempted to use one of the “stored certificates”. This is probably OK if you never plan on switching machines or changing your overall network environment. So do yourself a favor and use this dialog to at least create a [name].pfx file for use with the ClickOnce manifest files just in case you decide to pull the rug out from under your development environment; such as using a stored certificate on the local machine and replacing the OS with Windows Vista. ;-)
So what happens if you sign a ClickOnce application with a different certificate? When the upgrade is attempted it will compare the previous certificate with the new one and since they are different the upgrade will fail. If you can't get access to the previous certificate (which in this case I could -- I do make backups... do you? anway, back to the point) your pretty much screwed. To “fix” the issue, you'll have to get your end users to uninstall and then go through the click once process again. However, you might have a problem trying to notify all of the end users with these instructions and the support lines light up when you just force it upon them.