I have a self-sign certificate for signing an Excel add-in deployment manifest. The add-in will be used on our internal network only so there is no need to pay for a third party one. When I try to build the project (Excel 2013 VSTO add-in project type in Visual Studio 2015 .NET Framework 4.6.1), I get the error
MSB3482: An error occurred while signing: Invalid provider type specified.
Certutil.exe reveals that the cryptography provider is Microsoft Software Key Storage Provider. If I use a test certificate (which I can only develop with but not deploy), its provider is Microsoft Strong Cryptographic Provider. With that certificate, the project builds fine. I found a page that says you can't use Cryptography Next Generation certificates (like Microsoft Software Key Storage Provider) but I can't seem to find this from any official (e.g. Microsoft) source. Our IT guys won't change the provider type without some more compelling evidence. Is it true? Also, can you definitely generate SHA2 certificates using Microsoft Strong Cryptographic Provider?
