Microsoft Office Development - Deployment Of Document Level Customizations & Code Signing Certs RRS feed

  • Question

  • So I have my Document Level Office 2007 Excel Template file project signed by a 3rd party Certificate provider, specifically Entrust.

    I'm not sure where really to ask this question but basically, I need to find out the following:

    * I sign my Project with a Authenticode Code Signing Certificate (.pfx). 

    * If I export that Authenticode Certificate from my computer as a CER file instead of the PFX, and exclude the Private Key from the CER file, can I import that *.CER certificate file onto another users machine, in the Trusted Publisher Store, and will that cert that get's loaded into the users Trusted Publisher store hook or resolve to the Code Signing Cert that I signed my solution with?

    Basically, if you look at this link "", the Runtime and ClickOnce security checks, the solution is supposed to hit a question of "Is the certificate in the Trusted Pusblisher list?".  I'm trying to make sure I get the certificate i used to sign the solution into the Trusted Publisher list as part of my installation.  I seem to only be able to import my Certificate to an end users machine if I imported a Certificate file (.CER) that was exported without the private key. 

    So I really just need to know:  MyCert.PFX was imported onto my machine.  I exported MyCert from my machine as MyCert.CER without a private key.  Will Office pair MyCert.PFX signed Excel files (their manifests) to the MyCert.CER file if I import MyCert.CER onto another users machine.  The user will never have the MyCert.PFX imported onto their machine.


    Friday, October 26, 2012 9:31 PM

All replies

  • thread was moved and not sure if this has been seen in the VSTO Forum.


    Monday, October 29, 2012 11:35 PM
  • Hi Rob,

    Thank you for posting in the MSDN Forum.

    I'll involve some experts who are more familiar with your issue, this may take some time.

    Thank you for your patient and understanding.

    Best regards,

    Quist Zhang [MSFT]
    MSDN Community Support | Feedback to us

    Wednesday, October 31, 2012 2:01 AM
  • yes, office should 'pair' your customization to certificate in trusted publishers.
    Wednesday, October 31, 2012 11:25 AM
  • Thank you!  By chance are you speaking on behalf of Microsoft so I have this forum post at least to come back to if I run into an issue with the pairing? 


    Wednesday, October 31, 2012 8:38 PM
  • no, guys that work at MS have MSFT in their descriptions.
    Thursday, November 1, 2012 11:56 AM
  • Hello Rob,

    If the certificate is installed on the Trusted Root, Office will be able to load the Document Customization. The only thing that you need to take care is the content under which the resolution of the Certificate is attempted should have the certificate. That is if it is a Machine context, you need to install in Computer Store.


    Sreerenj G Nair

    Thursday, November 8, 2012 1:36 PM