none
Where can I get a certificate to sign my VSTO outlook addin? RRS feed

  • Question

  • I have a VSTO outlook add-in that I want to publish. When I install the vsto, Windows 10 says that the publisher is not trusted. To avoid this prompt, I know I might have to buy a certificate and sign my VSTO.

    Visual Studio can generate Temporary certificate which is for development purpose, but not production, and is therefore not a trusted certificate.

    My question is, where can I apply a trusted certificate? Is is OK from here?

    https://www.comodo.com/e-commerce/code-signing/code-signing-certificate.php?key5sk0=2128&key5sk1=3495ec828039acf3e9b52f3c6a5284357b836811



    My VSTO calls 3rd party SDK (by adding dll references), I am also wondering: is it enough to only sign my VSTO? or does the SDK also need to be signed?


    Sunday, November 22, 2015 2:14 PM

Answers

  • Qu,

    You can use SignTool.exe (Sign Tool), it is a command-line tool that digitally signs files, verifies signatures in files, and time-stamps files.

    This tool is automatically installed with Visual Studio and with the Windows SDK. To run the tool, we recommend that you use the Visual Studio Command Prompt or the Windows SDK Command Prompt (CMD Shell). These utilities enable you to run the tool easily, without navigating to the installation folder. For more information, see Visual Studio and Windows SDK Command Prompts.

    Software vendors sign their libraries with their own digital signatures. If it is not signed, I believe you can sign these assemblies with your own key. See Deploying an Office Solution by Using ClickOnce for more information.

    • Marked as answer by Qu Fanxin Thursday, December 10, 2015 5:32 PM
    Sunday, November 22, 2015 5:28 PM

All replies

  • Qu,

    You can use SignTool.exe (Sign Tool), it is a command-line tool that digitally signs files, verifies signatures in files, and time-stamps files.

    This tool is automatically installed with Visual Studio and with the Windows SDK. To run the tool, we recommend that you use the Visual Studio Command Prompt or the Windows SDK Command Prompt (CMD Shell). These utilities enable you to run the tool easily, without navigating to the installation folder. For more information, see Visual Studio and Windows SDK Command Prompts.

    Software vendors sign their libraries with their own digital signatures. If it is not signed, I believe you can sign these assemblies with your own key. See Deploying an Office Solution by Using ClickOnce for more information.

    • Marked as answer by Qu Fanxin Thursday, December 10, 2015 5:32 PM
    Sunday, November 22, 2015 5:28 PM
  • Thank you Eugene, it's helpful and I will have a try.
    Thursday, December 10, 2015 5:32 PM