locked
What should I do to avoid the message about Unknown Publisher when my Word, Excel plugin is loaded by the applications RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I created plugins for Word, Excel and Outlook with Excel 2010 Addin, Word 2010 Addin and Outlook 2010 Addin on Visual Studio 2010.  I also created an MSI installer program to install them.

    After installation, when the  application is launched, it shows a message about "Publisher cannot be verified.  Are you sure you want to install this customization?"

    I believe I have to do digital signature with the files but I have no clue what I should do.  I looked Signing tab in my project property, it shows two separate parts, "Sign the ClickOnce manifests" and "Sign the assembly".  Which one should I do or both?  I use MSI installer to install it, so I think I don't need "Sign the ClickOnce manifests", is that right?  If so, how come the checkbox is always checked?  I can unchecked it, but as soon as I rebuilt the project, it's checked again.  Can I leave it there with no certificate?  If I need to do "Sign the assembly", how should I get the key file?  I assume I can't generate a key file myself, can I?  Do I need to purchase it from Verisign?

    Thank you very much.

    Monday, August 18, 2014 8:52 PM

Answers

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    You can disable this dialog by configuring the ClickOnce Trust Prompt. See How to: Configure the ClickOnce Trust Prompt .

    Also you may find the following links helpful:

    publisher not verified

    Disable: The publisher could not be verified. Are you sure you want to run this software message

    Tuesday, August 19, 2014 10:55 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thank you very much for reply.  However, I don't want to disable the prompt on client systems, I like to do digital signature on my components so it can be verified.  Do you know how I should do that?  Thank you.
    Tuesday, August 19, 2014 1:08 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    The ClickOnce Security and Deployment section in MSDN provides a lot articles for this, for example:

    How to: Sign Application and Deployment Manifests

    ClickOnce Manifest Signing and Strong-Name Assembly Signing Using Visual Studio Project Designer's Signing Page

    ClickOnce and Authenticode

    Tuesday, August 19, 2014 4:43 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi ezdream,

    There are two way to grant trust to Office solutions.

    One is that sign the application and deployment manifests for Office solutions with a certificate that identifies the publisher. The another way is that trusting the solution by using the ClickOnce Trust Prompt( refer toGranting Trust to Office Solutions).

    If you don't want to the ClickOnce prompts the end user, you can sign the application and deployment manifests as Eugend mentioned above. Also you can get more detail from link below:

    How to: Sign Office Solutions

    How to: Sign Application and Deployment Manifests.

    Best regards

    Fei

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Wednesday, August 27, 2014 9:18 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thank you very much for the replies.

    I found an existing digital certificate file from VeriSign for my company so I loaded it on Sign the ClickOnce manifests.

    After I loaded the file, it show:

    Issued To     XXX

    Issued By      VeriSign Class 3 Code Signing 2010 CA

    Intended Purpose  DigitalSignature, Code Signing

    Expiration Date   1/1/2017 8:59:59AM

    I used it and tested, it seems I don't get the warning message now.  However, is there anyway I can confirm the components is signed properly?  I looked the file properties for the files, ExcelAddin.dll, ExcelAddin.dll.manifest, ExcelAddin.vsto, I don't see a "Digital Signatures" tab with the digital signature information.  I also looked my Addin in Add-Ins from Excel Options, the Publisher is still <None> and I don't see anything about the add-in is signed either.  So, is there anyway I can confirm the digital signature is deployed correctly?  In the Add-Ins, I also saw some other add-in, such as the WebEx Productivity Tools plugin, it shows Publisher: Cisco WebEx LLc.  Do you know how I can set it in my project so it can show my company name?

    Thanks again.

    Friday, September 5, 2014 8:52 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi ezdream,

    >>now.  However, is there anyway I can confirm the components is signed properly? <<

    To verify that the correct certificate is being used, click More Details to view the certificate information like figure below(right click the project->properties->signing->more details):

    Best regards

    Fei

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, September 9, 2014 8:31 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    OK, so it looks good.  Thanks!!!
    Tuesday, September 9, 2014 9:50 PM