I have developed an STVO add-in for Outlook. This add-in works great on both my personal computers (Office 365) and my company computer (also Office 365).
However, an acquaintance for whom I programmed the add-in (Microsoft Professional Plus 2019) always gets the following error (error message translated into English, it may be slightly different): User-defined functions cannot be used in this application because the certificate used to sign the deployment manifest for XXX or its location is not trusted.
On all other machines I just get a warning that it could be a potential threat, but on the acquaintance's machine the above error message comes up and you can't install it.
What do I need to change so that he can install it too?
Assuming your add-in isn't signed with a trusted certificate but perhaps yours, Outlook doesn't recognize the publisher. For commercial use, it is recommended to sign the code with a "code signin certificate" issued by a trusted authority so that all customer PCs recognize the certificate. Once you have the certificate, follow these simple steps written in the documentation to sign the project How to: Sign Office solutions
I hope I have been helpful
Try to install the certificate before to running the installer - in Windows Explorer, right click on your signed file, Digital Signatures | Details | View Certificate | Install Certificate.
Before a solution can run on user computers, either you must grant trust or users must respond to a trust prompt when they install the solution. To grant trust to the solution, sign the manifests by using a certificate that identifies a known and trusted publisher. See Trust the solution by signing the application and deployment manifests.
You may find the Deploy an Office solution by using ClickOnce article helpful.
Related
I have written a very simple add-in that adds a button to the ribbon of outlook (C#).
I have spent days trying to get this very simple add-in to install on another machine using the clickonce method.
I have published clickonce to ftp using Visual Studio. All fine so far.
Upon running the resulting vsto (or setup.exe) on a different machine I am getting the error:
'System.Security.SecurityException: Customized functionality in this application will not work because the certificate used to sign the deployment manifest for Add-In or its location is not trusted. Contact your administrator for further assistance.'
I understand the idea behind a certificate being required to remove rogue add-ins being added to Outlook. I have signed the clickonce deployment using a test certificate on my machine.
Simply is it possible, without paying for a third-party certificate, to give a user the clickonce url and them install it without me having to do anything to their machine? (and/or domain etc.) This is ideally to be used by lots of enterprise users. Altering their environment isn't practical.
Many thanks.
Check your certificate chain. Most likely you need to place a copy of the certificate into:
Certificates - Current User\Trusted Root Certification Authorities
...so your "issuer" is trusted in order for your certificate to be trusted.
We're building a proof of concept windows application based on Windows Forms.
We plan to offer the package for beta testing to a small focus group but whenever one tries to download the app from our website Google Chrome / Internet Explorer report that the software may be malware.
I am not an actual desktop software developer, C# is just an hobby and I have no clue on how "sign" the software as legit. Any advice from someone doing this on a daily basis?
The following are some of the code signing tools I've used so far:
SignTool of Microsoft
DigiCertUtility
Those code signing tools are free and there are a lot of it out there but you need to buy digital certificate to sign your code or your installer to make your software trusted. Before you can buy a certificate they will verify few credentials about you or your company because they will put it in your certificate as trusted publisher.
I made Word Add In using C# whenever I run addin, it shows following error, I enabled all macros in Trust center but it doesn' work at all.
The Deploying an Office Solution by Using ClickOnce article in MSDN states the following:
Before a solution can run on user computers, either you must grant trust or users must respond to a trust prompt when they install the solution. To grant trust to the solution, sign the manifests by using a certificate that identifies a known and trusted publisher. See Trusting the Solution by Signing the Application and Deployment Manifests.
As you may see the macro security settings of the host application does't play any role there. You need to sign the manifests by using a certificate. You can read more about that in the Configuring ClickOnce Trusted Publishers article. Also see the ClickOnce Security and Deployment section in MSDN for more information about ClickOnce installers.
I have created several applications, these are deployed on the server and will be opend by the user from the network.
Each time a user opens a application they get confronted with a security warning:
Open File - security warning
We can't verify who created this file. Are you sure you want to run this file?
Is it possible to supress this message by code?
I found an article that says I need to Sign the application but unfortunately this is not help. Another article I found says I need to manual change the security level, but that is not what I want.
I just want Windows to trust my applications.
You have to sign your application with an so called "Microsoft Authenticode Certificate". Furthermore you need to register the Certificate as Trusted Publisher on all affected machines (easy if you are in an business environment with an Active Directory).
You could use the Windows Certificate Snapin (press CTRL + R and type Certmgr.msc) to display all installed certificates on your machine. There you will find a folder named trusted puplisher. However this is only possible in business environments where you have some kind of control over the network (active directory etc.). If you're distributing your application over the internet you will have a hard time ;)
Remember, certificates are about trust and there is a reason for this warning because an *.exe file could indeed harm your computer.
EDIT:
helpful post about Microsoft Authenticode Certificates
I have a ClickOnce application that I built for a client, and I need it to be from a trusted publisher. How do I go about acquiring an Authenticode certificate and sign my application with it? So that when the application is launched, it's from a trusted publisher?
How do I install the certificate? Do I have to install it on my development server or does it matter where I install it?
How does the whole process work? I don't want to spend 3-5 hundred dollars on a certificate, and install something wrong and be out of luck.
Are there good tutorials on purchasing and installing a certificate and signing a ClickOnce application?
I recently went through this process. A certificate is not that expensive - we got a code-signing certificate for less than a $100.
After you have the certificate, follow the FAQ HOWTO: Code signing how-to* to sign your code (binaries).
After that, you have to go to project properties -> Signing and upload your certificate there as well (it's for ClickOnce). You can skip code signing though and sign ClickOnce only.
ClickOnce requires a certificate for code signing, and others will not work, see ClickOnce Deployment and Authenticode:
For ClickOnce applications, you must have an Authenticode certificate
that is valid for code signing; if you attempt to sign a ClickOnce
application with another type of certificate, such as a digital e-mail
certificate, it will not work.
Jan'18 UPDATE:
StartSSL is not trusted anymore, and I did NOT find any free (or similar to what StartSSL was offering) code signing certificates. At the end of the day, I went with ksoftware.net - $84/year for Comodo code-signing certificate (but you need to have DUNS record available for them to check!)