If you open a signed package (such as to set the capabilities) when the updated package is saved it is no longer signed. The ability to specify the certificate/password should be part of that workflow also.
View best response
Thanks for the feedback. We are working on getting that ability added in for our next release.