none
App signing for commercial use RRS feed

  • Question

  • I'm developing AddIn for MS Office Word, addin makes connection between Word and my Web Application. Web application and word addin are commerical programs, my client will sell them. So, my question is - shall I sign my AddIn somehow to make it "legal" and "official".

    Sincerely,

    Anton.

    Monday, June 15, 2015 9:17 AM

Answers

  • Certificates are issued by a certification authority, and like a driver’s license, can be revoked. A certificate is usually valid for a year, after which, the signer must renew, or get a new, signing certificate to establish identity.

    A certificate authority is an entity similar to a notary public. It issues digital certificates, signs certificates to verify their validity and tracks which certificates have been revoked or have expired.

    Don't like to advertise any of them, take a look at the link mentioned above for the list.

    Friday, June 19, 2015 2:41 PM

All replies

  • Hi Anton

    The terms "App" and "Addin" are a bit confusing, especially now that Microsoft has decided to call "Apps" "Add-ins". So Word now has three kinds of Add-ins: VBA templates, COM Add-ins (including VSTO) and "Apps for Word".

    Which kind have you developed? Without that information it's difficult to give you an answer?

    And what do you mean by "legal" and "official"?

    Normally, the reason code is signed digitally is to ensure "trustworthiness": the user (or IT) have to trust the software before it's allowed to run and these days that means a digital code signing certificate. Usually, the entity selling the software would do the signing?


    Cindy Meister, VSTO/Word MVP, my blog

    Monday, June 15, 2015 6:06 PM
    Moderator
  • Hello, thanks for answer!

    I develop COM AddIn. By saying legal I meant "trustworthiness".  I know that services like GoDaddy can do this, but can you recommend something?

    Sencirelly,

    Anton.

    Thursday, June 18, 2015 3:27 PM
  • Hi Anton,

    shall I sign my AddIn somehow to make it "legal" and "official".

    Digital signatures iare used to confirm that your software wasn't changed by anybody else (was tampered), but not "legal" or "official". Signatures prove that the software comes from a trusted vendor (you). See Introduction to Code Signing for more information in MSDN.

    It is up to you whether to sing a software or not. But to confirm your identity it is recommended doing so.

    Thursday, June 18, 2015 4:39 PM
  • You just need to purchase a certificate and sign the software. There is no need to use GoDaddy and etc.
    Thursday, June 18, 2015 4:41 PM
  • Where I need to buy a certificate? Is it microsoft certificate? Can you give me a link please?
    Friday, June 19, 2015 2:35 PM
  • Certificates are issued by a certification authority, and like a driver’s license, can be revoked. A certificate is usually valid for a year, after which, the signer must renew, or get a new, signing certificate to establish identity.

    A certificate authority is an entity similar to a notary public. It issues digital certificates, signs certificates to verify their validity and tracks which certificates have been revoked or have expired.

    Don't like to advertise any of them, take a look at the link mentioned above for the list.

    Friday, June 19, 2015 2:41 PM
  • Thanks for your answer! But could you provide me with some specific URLs where I can get new certificate.

    Sincerely,

    Anton.

    Monday, June 22, 2015 8:14 AM
  • hi,

    You may search it on the internet.

    Regards

    Tuesday, June 23, 2015 1:32 AM
  • Hi Anton

    See this article, specific to code-signing (rather than certificates for web servers):

    https://en.wikipedia.org/wiki/Code_signing

    A number of CAs are listed there (including GoDaddy) with links.


    Cindy Meister, VSTO/Word MVP, my blog

    Tuesday, June 23, 2015 3:55 PM
    Moderator