The Phases of the ClickOnce Trust Prompt (Mary Lee)

Signing your Office solutions with a certificate is a mandatory step, but there are several optional steps that can change the way the certificate is presented to the end user or customer.

This example uses a Visual Studio generated test certificate, but the dialog box is similar to what you would see if you were using a purchased code-signing certificate. These steps are listed in the How to: Add a Trusted Publisher to a Client Computer for ClickOnce Applications topic in the MSDN Library and assume that the ClickOnce Trust Prompt and inclusion list are enabled as outlined in How to: Configure Inclusion List Security.

Phase 1. If the certificate used to sign the Office solution is not added to the Root or the TrustedPublisher stores, the Publisher is shown as Unknown Publisher and there is a yellow shield presented in the Microsoft Office Customization Installer dialog box.

Phase 2. If the certificate used to sign the Office solution is in the Root store, but not the Trusted Publisher list, the Publisher is shown as Redmond\marylee and there is a green shield.

The step used to add the certificate to the Root store is the following: certmgr.exe -add good.cer -c -s -r localMachine Root

Phase 3. If the certificate used to sign the add-in is in the Root list and the Trusted Publisher list, you only see that the add-in was installed successfully.

The step used to add the certificate to the TrustedPublisher store is the following: certmgr.exe -add good.cer -c -s -r localMachine TrustedPublisher
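
To check which of the three phases a client computer will show, the following PowerShell script looks up the signing certificate in the two LocalMachine stores that the certmgr.exe commands above write to. It is an added example, not part of the original post; the parameter name and output fields are assumptions, and it checks the signing certificate itself, as the post does with its test certificate.

```powershell
# Added example (not from the original post): report which trust-prompt phase
# to expect for a signing certificate, based on LocalMachine store membership.
# Assumes the trust prompt and inclusion list are enabled, as the post does.
param(
    [Parameter(Mandatory = $true)]
    [string]$CertPath   # e.g. good.cer, the file name used in the post
)

# Load the .cer file; the thumbprint is the lookup key in the Cert: drive.
$file  = (Resolve-Path -LiteralPath $CertPath).ProviderPath
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
$thumb = $cert.Thumbprint

# The certmgr.exe commands in the post use "-r localMachine", so check there.
$inRoot      = Test-Path "Cert:\LocalMachine\Root\$thumb"
$inPublisher = Test-Path "Cert:\LocalMachine\TrustedPublisher\$thumb"

if (-not $inRoot -and -not $inPublisher) {
    $phase = 'Phase 1: Unknown Publisher, yellow shield'
} elseif ($inRoot -and -not $inPublisher) {
    $phase = 'Phase 2: publisher name shown, green shield'
} elseif ($inRoot -and $inPublisher) {
    $phase = 'Phase 3: no prompt, installation success message only'
} else {
    # TrustedPublisher without Root is a combination the post does not describe.
    $phase = 'Not covered by the post: in TrustedPublisher but not in Root'
}

# Emit one object so the result can be logged or collected across machines.
[pscustomobject]@{
    Subject            = $cert.Subject
    Thumbprint         = $thumb
    InRoot             = $inRoot
    InTrustedPublisher = $inPublisher
    ExpectedPrompt     = $phase
}
```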

If you have questions, visit the VSTO forum to search for answers or post new questions.

Mary Lee, Programming Writer.

  • I tried the steps above but I never get a green shield - I always get a yellow shield.

    Looks like FAIL!

  • more information:

    - Tried to reproduce your blog post with the following settings:

    OS: Windows 7 x64 Professional (german)

    IE Version: Windows Internet Explorer 9 Beta

    Cert: VeriSign Authenticode Code Signing Certificate

    VSTO: VSTO for Office 2007/2010 based on .NET Framework 4.0

  • What I'm still unclear about, is if I'm a VSTO add-in developer inside a domain, but I'm not the IT admin, is there anything simple I can do to achieve the middle experience?

  • Joe, did you ever find a solution to this? I am having the same problem, we are deploying the VSTO plugin as an .msi file. I am only getting a yellow shield on Windows 7 64-bit with Office 2007, with Office 2010 SP1, I don't get a single prompt (green or yellow).
