I have created several applications, these are deployed on the server and will be opend by the user from the network.
Each time a user opens a application they get confronted with a security warning:
Open File - security warning
We can't verify who created this file. Are you sure you want to run this file?
Is it possible to supress this message by code?
I found an article that says I need to Sign the application but unfortunately this is not help. Another article I found says I need to manual change the security level, but that is not what I want.
I just want Windows to trust my applications.
You have to sign your application with an so called "Microsoft Authenticode Certificate". Furthermore you need to register the Certificate as Trusted Publisher on all affected machines (easy if you are in an business environment with an Active Directory).
You could use the Windows Certificate Snapin (press CTRL + R and type Certmgr.msc) to display all installed certificates on your machine. There you will find a folder named trusted puplisher. However this is only possible in business environments where you have some kind of control over the network (active directory etc.). If you're distributing your application over the internet you will have a hard time ;)
Remember, certificates are about trust and there is a reason for this warning because an *.exe file could indeed harm your computer.
EDIT:
helpful post about Microsoft Authenticode Certificates
Related
We recently updated our applications to make use of SHA-256 code-signing with a new certificate. The assemblies are strong name signed using the Sign the assembly option in Visual Studio 2015. The post build event in Visual Studio runs two signtool.exe processes to sign both in SHA-256 and for the legacy SHA-1 certificate:
call "C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe"
sign /f "<mystrongName.pfx>" /p "<password>" /t
<timestampURL> "$(TargetPath)"
call "C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe"
sign /f "<mystrongName.pfx>" /p "<password>" /fd sha256 /tr
<timestampURL> /td sha256 /as /v "$(TargetPath)"
Finally we use Advanced Installer as the installation packager and that too is code-signed on the Digital Signature page using the certificate and timestamp as per the .exe signature.
The final setup file installs and runs on Internet connected Windows machines as you would expect. You can see the certificate is assigned and valid, as well as the certificate chain through the properties of both the setup.exe and the runtime when installed. Furthermore, Windows recognizes the application as from a trusted source and displays the appropriate verified publisher details.
Our customer-base is largely global 100 companies and most of the deployments will be occurring in air-gapped networks. In one of our fist updated deployments in this environment, the certificate could not be verified preventing the installer from completing.
This made sense, because the Windows (2012 server R2) machines were isolated from the Internet and, due to company policies, had Turn off Automatic Root Certificates set to Enabled. This setting can be found in the Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication Settings folder of the MMC application (you need the certificates plugin installed).
When testing on our local test-bed, even machines not connected to the Internet would install the certificates from the setup utility if the above registry setting was the default (Disabled). We could replicate the issue by changing the policy setting to match the customers' (Enabled).
As a workaround, we manually downloaded the Certificate Authorities root certificate and installed it as a Trusted Root Certificate and the install would proceed normally.
When we presented this workaround to the customer, the installation still failed despite the Certificate Authorities root certificate being present in the Trusted Root Certificates of the machine.
The Certificate Authority customer service team recommended that we drop the timestamp from the signing process to allow the install to proceed - and that's the only help they offered (that's another story). However, this means that once the code-signing certificate expires, the application will either cease to run or will present unverified publisher errors.
I'm not totally convinced that this will fix the problem either, because when we tested locally the certificate was still found by the installer and allowed the installation to proceed when the Certificate Authorities root certificate was installed manually.
What I am unable to do is replicate the customers environment to exactly reproduce the problem (which doesn't help). It is almost as if Windows is bypassing the local machine's Trusted Root Certificates store. I am assuming that if this is possible it would be so that Windows can verify against a central root certificate store.
Is this even possible to set up in Windows? If so, where would I find either documentation on this or how is this done?
Am I missing something in the code-signing steps or in my understanding of what should be happening on the installing machine while it is checking the certificate?
I am at a loss as to what to do to get this installer working. What I can't afford to do is keep going back to the customer to get them to keep testing our installs. First-off it's really not the right process to debug, as the supplying vendor it isn't the customers problem to solve, but more importantly, I need our team to understand what is causing this and how to remedy it correctly.
Ideally I don't what to drop the timestamp if I don't have to because down the road this will cause new problems if the software doesn't get upgraded before the certificate expires.
Any and all help much appreciated.
I think one reason a certificate cannot be validated in an airgapped environment may be that revocation cannot be verified. As you may know, a certificate can be revoked, and there are two different protocols to check if it is, CRL and OCSP. Both require network access to the CA that issued the certificate.
Whether revocations are actually checked is governed by policies as described here, and this may cause your issues.
I have written a very simple add-in that adds a button to the ribbon of outlook (C#).
I have spent days trying to get this very simple add-in to install on another machine using the clickonce method.
I have published clickonce to ftp using Visual Studio. All fine so far.
Upon running the resulting vsto (or setup.exe) on a different machine I am getting the error:
'System.Security.SecurityException: Customized functionality in this application will not work because the certificate used to sign the deployment manifest for Add-In or its location is not trusted. Contact your administrator for further assistance.'
I understand the idea behind a certificate being required to remove rogue add-ins being added to Outlook. I have signed the clickonce deployment using a test certificate on my machine.
Simply is it possible, without paying for a third-party certificate, to give a user the clickonce url and them install it without me having to do anything to their machine? (and/or domain etc.) This is ideally to be used by lots of enterprise users. Altering their environment isn't practical.
Many thanks.
Check your certificate chain. Most likely you need to place a copy of the certificate into:
Certificates - Current User\Trusted Root Certification Authorities
...so your "issuer" is trusted in order for your certificate to be trusted.
I made Word Add In using C# whenever I run addin, it shows following error, I enabled all macros in Trust center but it doesn' work at all.
The Deploying an Office Solution by Using ClickOnce article in MSDN states the following:
Before a solution can run on user computers, either you must grant trust or users must respond to a trust prompt when they install the solution. To grant trust to the solution, sign the manifests by using a certificate that identifies a known and trusted publisher. See Trusting the Solution by Signing the Application and Deployment Manifests.
As you may see the macro security settings of the host application does't play any role there. You need to sign the manifests by using a certificate. You can read more about that in the Configuring ClickOnce Trusted Publishers article. Also see the ClickOnce Security and Deployment section in MSDN for more information about ClickOnce installers.
I have a Silverlight application executed within a browser that uses the scanner by WIA, I configured my server and my client (I allowed Silverlight to elevated trust in browser,
I signed the xap after I installed the certificate into Trusted Editors and Trust root (into the machine store) , change the registry value,etc all wich it's specified in http://support.leadtools.com/CS/forums/40466/ShowPost.aspx) and when I've published in my local IIS and I load the test page from the same machine: the application works but when i've tried to access to the page from another machine (with internet explorer with a low secured settings and Runned as administrator) I got the exception with the message this operation is not supported in the current context.
what's wrong?
can you help me?
Thanks in advance!
Here is the official Microsoft guide for allowing elevated trust in browser:
http://msdn.microsoft.com/en-us/library/gg192793(v=vs.95).aspx
See: 1.Configure the target computers to allow trusted applications inside the browser by setting the following registry key:
And I don't think you can use a self signed certificate.
Maybe you have to install the certificate on each individual machine you intend to use the app on?
The certificate may work fine run from local host as it uses the test certificate, but is different when accessed from the server.
This would make sense as the elevated trust setting is made for enterprise use.
Check this blog post out, it's a really good guide on how to set up a trusted app.
Silverlight 5 Trusted applications
We have an application that is distribute to a varity of customers. Sometime it is installed on a network share. Usually we can give that application access with caspol.exe and grant the LocalIntranet Zone FullTrust. Sometimes the customers admins do not manage to grant that application access due to some network settings.
When we launch the exe it opens for a short time and appears in the Client Task Manager and disappears silently... now the question is there a tool which gives me some debugging or tracing details on that. Is there a tool to debug security issues like that... I assueme that this happens before any of my code is executed... and I do not see anything in the event trace neither on the client nor on the server...
Any ideas?
Can I recommend - perhaps look at ClickOnce - a click-once application can be hosted on a network share, but has much better security deployment factors. You just run the .application rather than the .exe (VS2005 and VS2008 have all the tools you need to publish a ClickOnce application trivially).
Also - in one of the recent service packs (perhaps with 3.5 SP1), I believe that mapped shares get more priveleges - so \\foo\bar\my.exe would still error, but f:\my.exe (to the same location) should work.
We're having similar issues with our applications which are usually placed on a network share. We're solving this issue by:
signing and timestamping all application components with Microsoft Authenticode certificate issued by Thawte.
deploying msi package containing security policy granting full trust to applications signed by our certificate.
If your company will not / cannot buy code signing cert, you can install a CA somewhere and issue cert for that purpose only ( I think it will work altough this cert will not resolve to trusted root. )
The other option, with a lot more hassle would be to strong-sign all assemblies, and grant full trust to all assemblies signed with that key.
Both approaches result in performing procedure once per workstation ( updated applications will still work ). I think it can even be propagated throughout the enterprise somehow, but never did that and don't know details.