none
Publisher has been verified prompt RRS feed

  • Question

  • I have an Outlook 2007 add-in that is being installed for all users via the Wow64to32 node in HKLM. This was an existing add-in, but my code signing certificate is expiring, so I am re-signing with a newly issued cert and reinstalling the MSI. The new cert is in the Trusted Publishers and the Trusted Root Authority stores, but I still get the "Publisher has been verified" prompt at installation.

    I have also tried just re-signing the Manfies and vsto without recompiling, but I also receive the "Publisher has been verified" prompt.

    What am I missing here? Is there possibly something wrong with my certificate? This was issued by our internal CA and we haven't had problems in the past with these certificates.

    Thanks

    Chris Waldmann

     
    Friday, January 4, 2013 4:05 PM

All replies

  • do you also update inclusion list entry?
    Friday, January 4, 2013 5:51 PM
  • That shouldn't be necessary since I am using a certificate from a certification authority, unless our cert people have change something.

    I'm also installing this to the Program Files directory, which should alleviate that need.

    Friday, January 4, 2013 5:55 PM
  • installing to program files will only help if you use vstor 2010 for .net 4.0. If you use vstor 2010 for .net 3.5 (which you do if you support office 2007) then program files location will not work. Please add inclusion entry during setup.
    Saturday, January 5, 2013 7:32 AM
  • But this still doesn't quite make sense, as this application was already installed and I just need to resign it.

    If I have version 1 installed with the original signature, and everything works fine, shouldn't i be able to just resign the manifest and vsto with my new certifcate and not go through the process of reinstalling a new MSI (which may include the inclusion list stuff)?

    Thanks,

    Chris

    Monday, January 7, 2013 2:28 PM
  • inclusion entry (which is either added through msi custom action or user by clicking ok on message box from office first time your add-in is run) is based on information that contains hash from your certificate. Changing your certificate invalidates your inclusion list entry.
    Monday, January 7, 2013 2:58 PM
  • Chris, do you know if your new certificate is a SHA2 or a SHA1 certificate?  E.g., I wonder, could it be a difference of the old certificate being one type, and the new one being another?

    - Michael


    Michael Zlatkovsky | Program Manager, Visual Studio Tools for Office & Apps for Office

    Monday, January 7, 2013 10:56 PM
    Moderator