none
Publisher cannot be verified RRS feed

  • Question

  • Background:

    We are a Microsoft Partner developing an Office add-in. The Office Outlook 2007 Add-in is written in VB.NET using Visual Studio 2010 VSTO targetting the .NET 3.5 Framework. We also have bought a Code Signing Certificate from Thawte (this is the same ceritificate that one has to get when applying for Windows 7 application certification).

    Our certificate is valid and thawte has confirmed it is configured correctly. We are able to sign regular .NET DLL's and Exe's. Have what is called the .cer and exported .pfx file with me.

    On Development PC have imported the certificate to my trusted publishers.

    Problem:

    When the Outlook plugin is installed on a Client PC (Win 7, Outlook 2007 and prereqs loaded) it still gets the "Publisher cannot be verified" on the Microsoft Office Customization Installer screen. Says Publisher: Unknown Publisher.

    If we right click on the output .vsto file and look at its properties do not see the tab for 'Digital Certificates' which is normally seen for signed files.

    So my thinking is that Visual Studio is not signing the vsto and dll at all. Need help in identifying why it is not doing that?

    In Visual Studio Outlook Add-in project properties have the 'Sign ClickOnce manifests' checked, all my dependent DLLs are signed already. The Timestamp URL is set to http://timestamp.verisign.com/scripts/timstamp.dll Have tried with and without the checkbox of 'Sign the assembly'. It was able to import the .pfx file. Build does not give any errors.



    • Edited by Anup Mistry Thursday, March 22, 2012 2:36 PM
    Thursday, March 22, 2012 1:59 PM

Answers

  • 1. either create separate dll project or add new class to your add-in project

    2. add installer class, name it like InclusionListCustomAction

    3.  ovrride at least Install action and add there:

    string publicKey = "<RSAKeyValue><Modulus>your modulus</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
                var path = new FileInfo(Context.Parameters["assemblypath"]);
                Uri solutionLocation = new Uri(string.Format(@"file:///{0}/yourvstofile.vsto", path.Directory.FullName.Replace("\\", "/")));
    
    
                var entry = new AddInSecurityEntry(solutionLocation, publicKey);
                if(!UserInclusionList.Contains(entry))
                    UserInclusionList.Add(entry);

    4. in your setup project go to custom actions editor, under install node add primary output of your project from step 1

    Now when you install your add-in it should be added to inclusion list. Uninstall and install using new installer on machine where you have troubles.

    http://msdn.microsoft.com/en-us/library/cc442767.aspx

    http://msdn.microsoft.com/en-us/library/bb608607.aspx

    • Marked as answer by Anup Mistry Monday, April 2, 2012 2:21 PM
    Wednesday, March 28, 2012 8:11 AM

All replies

  • I believe it's not the .dll that needs to be signed, but rather the setup.exe file generated by the Windows Installer Setup project.  I've done this in the past using the SignTool utility and pvktopfx.exe to work with the .pvk and .spc files.

    Use pvktopfx.exe first:

    "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\pvk2pfx.exe" -pvk myfilename.pvk -pi publishername -spc myfilename.spc -pfx myfilename.pfx

    Then the SignTool:

    signtool sign /f "C:\mypath\myfile.pfx" /p publishername "C:\mypath\setup.exe"


    Eric Legault
    MVP (Outlook)
    About me...

    Thursday, March 22, 2012 3:24 PM
    Moderator
  • My setup.exe/setup.msi are both signed. So in my case that does not appear to be the problem.

    Thursday, March 22, 2012 3:37 PM
  • VSTO also have proper signature info. How are you deploying your add-in to other computers? as click once or setup.msi? Show screenshot of Signing tab of your ptoject's properties window in VS.

    Thursday, March 22, 2012 3:39 PM
  • we are using msi. Below is my signing tab. It compiles fine but after that right clicking on .vsto or .dll do not show the Digital certificates tab in the file properties. Build is fine.

    Thursday, March 22, 2012 3:47 PM
  • clicking on vsto or dll will not show any certificates in properties window. When you deploy your add-in using msi - do you remember to add plugin to InclusionList in setup's custom action?
    Friday, March 23, 2012 8:02 AM
  • Hi, Anup

    I noticed that you imported the certificate to Trusted Publishers explicitly, which is not a proper destination.  Please imported the certificate to Trusted Root Certificate Authority on client computer before running VSTO installer.

    I'm referring to: http://blogs.msdn.com/b/rextang/archive/2009/01/27/9377001.aspx

    Hope this could get you started.

    regards.


    Forrest Guo | MSDN Community Support | Feedback to manager


    Tuesday, March 27, 2012 9:32 AM
    Moderator
  • if this is not a self-signed certificate then this should not be necessary?
    Tuesday, March 27, 2012 9:54 AM
  • I don't have a commercial cercificate to try, but I believe it's worth trying to import it to Trusted Root CA,

    regards,


    Forrest Guo | MSDN Community Support | Feedback to manager

    Tuesday, March 27, 2012 10:01 AM
    Moderator
  • <quote>

    do you remember to add plugin to InclusionList in setup's custom action?

    </quote>

    Have not done that, how does one do that?

    Tuesday, March 27, 2012 6:53 PM
  • 1. either create separate dll project or add new class to your add-in project

    2. add installer class, name it like InclusionListCustomAction

    3.  ovrride at least Install action and add there:

    string publicKey = "<RSAKeyValue><Modulus>your modulus</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
                var path = new FileInfo(Context.Parameters["assemblypath"]);
                Uri solutionLocation = new Uri(string.Format(@"file:///{0}/yourvstofile.vsto", path.Directory.FullName.Replace("\\", "/")));
    
    
                var entry = new AddInSecurityEntry(solutionLocation, publicKey);
                if(!UserInclusionList.Contains(entry))
                    UserInclusionList.Add(entry);

    4. in your setup project go to custom actions editor, under install node add primary output of your project from step 1

    Now when you install your add-in it should be added to inclusion list. Uninstall and install using new installer on machine where you have troubles.

    http://msdn.microsoft.com/en-us/library/cc442767.aspx

    http://msdn.microsoft.com/en-us/library/bb608607.aspx

    • Marked as answer by Anup Mistry Monday, April 2, 2012 2:21 PM
    Wednesday, March 28, 2012 8:11 AM
  • Looks like I finally found what is causing this issue. A quirk in the way the ClickOnce reads the certificate "chain". See article >>

    http://support.microsoft.com/kb/970682

    Does not look like MS fixed the same issue in VSTO 4.0 either. Any suggestions other than asking users to install the Intermediate Certificate Authority manually?

    Thursday, March 29, 2012 8:22 PM
  • deploying via msi is not an option?
    Monday, April 2, 2012 10:34 AM
  • Ping back ...

    http://social.msdn.microsoft.com/Forums/en-US/vsto/thread/690a1bcd-0c39-485e-8b1a-77f3b428ceef

    Think your original idea of using Inclusion List is the solution. Am going to try that next. Thanks

    Monday, April 2, 2012 2:21 PM