
I have prepared a setup project for my C# Excel add-in project. When I install that setup on a client PC, my add-in installs as an unknown publisher.

To resolve this I am adding the certificate manually on the client PC, but my goal is to install my add-in as a trusted known publisher without adding the certificate manually.

Is there any solution to do this?

Thanks in advance.

Rama Krishna
  • I guess you are using a self-signed certificate? Normally, you have to use an official certificate from a certificate authority for production code. Look for Root Certificate and Chain of Trust, e.g. at Wikipedia, for detailed explanations. – KBO Nov 21 '17 at 07:38
  • Yes, you are right, I am using a self-signed certificate – Rama Krishna Nov 21 '17 at 07:42
  • How can I use my official certificate? (I have an official certificate also) – Rama Krishna Nov 21 '17 at 07:45
  • You can use it the same way as you are using the self-signed. In the setup project, replace the self-signed with the official certificate, rebuild the setup and that's it. Because of the chain of trust, your official certificate (from a certificate authority) is automatically chained on local computers, because they have the root certificates normally already installed. – KBO Nov 21 '17 at 08:19
  • Still getting the same result. I think I am missing something; can you share steps to do this? – Rama Krishna Nov 21 '17 at 08:39
  • Then I need more details, e.g. which Installer you use (InstallShield?), which version, how do you include your self-signed certificate etc. – KBO Nov 21 '17 at 11:32
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/159537/discussion-between-rama-krishna-and-kbo). – Rama Krishna Nov 22 '17 at 03:05
  • I am using 'Visual Studio Professional 2017 Setup Project', and adding the certificate via the "Select From File" option of the "Signing" tab in project properties. I am adding the certificate to my add-in project only, not to the setup project – Rama Krishna Nov 23 '17 at 05:04
  • So, sign the setup project, too. Typically, I'm using InstallShield, but it is the same procedure. If you start the setup on a client PC, Windows tries to verify the signature. If the setup is not signed or the self-signed certificate is not correctly installed in the certificate store, you get the 'untrusted' notification. – KBO Nov 23 '17 at 07:31
  • Before starting the setup on client PC, do I need to install certificate in client PC? via properties of .exe ==> Digital Signature Tab ==> Double Click on certificate ==> View Certificate ..... etc. – Rama Krishna Nov 24 '17 at 10:24

1 Answer

If you are using an official certificate from a certificate authority, you can sign the setup file (i.e. .msi or .exe) using signtool.exe by adding a post-build line to your setup project's properties.

```
signtool sign /f MyCert.pfx /tr http://timestamp.comodoca.com/rfc3161 /v "C:\...\...\MySetupProject.msi"
```

Signtool is automatically installed with Visual Studio.

In addition to this and prior to building your setup project, you want to sign the add-in's .dll file (also with signtool) and the manifest (with mage).

Mike
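A check to run after the build, added here as an example and not part of the answer above: it reads the Authenticode signature on the setup file and the add-in DLL and flags artifacts that are unsigned, fail validation, carry a self-signed certificate, or lack a timestamp. The file names `MySetupProject.msi` and `MyAddIn.dll` and the function name `Test-PublisherSignature` are assumptions for illustration.

```powershell
# Added example: verify the Authenticode signature on the built artifacts.
# The default paths are hypothetical placeholders; pass your own with -Path.
param(
    [string[]]$Path = @('.\MySetupProject.msi', '.\MyAddIn.dll')
)

function Test-PublisherSignature {
    param([Parameter(Mandatory)][string]$File)

    $sig  = Get-AuthenticodeSignature -FilePath $File
    $cert = $sig.SignerCertificate

    # A self-signed certificate has identical Subject and Issuer. It can show
    # as Valid on a build machine where it was imported by hand, so it is
    # checked separately from the signature status.
    $selfSigned = ($null -ne $cert) -and ($cert.Subject -eq $cert.Issuer)

    [pscustomobject]@{
        File        = $File
        Status      = $sig.Status            # Valid, NotSigned, UnknownError, ...
        Signer      = if ($cert) { $cert.Subject } else { $null }
        Issuer      = if ($cert) { $cert.Issuer } else { $null }
        SelfSigned  = $selfSigned
        Timestamped = $null -ne $sig.TimeStamperCertificate
        Message     = $sig.StatusMessage
    }
}

$results = foreach ($p in $Path) {
    if (Test-Path -LiteralPath $p) { Test-PublisherSignature -File $p }
    else { Write-Warning "Not found: $p" }
}
$results | Format-List

# Exit non-zero when a file is missing, unsigned, fails validation,
# or is signed with a self-signed certificate.
$bad = @($results | Where-Object { $_.Status -ne 'Valid' -or $_.SelfSigned })
if ($bad.Count -gt 0 -or @($results).Count -ne $Path.Count) { exit 1 }
```

Running it on a clean machine that has never had the certificate imported shows what a client PC will see.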