Develop Office Client Applications using Visual Studio
Signing your Office solutions with a certificate is a mandatory step, but there are several optional steps that can change the way the certificate is presented to the end user or customer.
This example uses a Visual Studio generated test certificate, but the dialog box is similar to what you would see if you were using a purchased code-signing certificate. These steps are listed in the How to: Add a Trusted Publisher to a Client Computer for ClickOnce Applications topic in the MSDN Library and assume that the ClickOnce Trust Prompt and inclusion list are enabled as outlined in How to: Configure Inclusion List Security.
Phase 1. If the certificate used to sign the Office solution is not added to the Root or the TrustedPublisher stores, the Publisher is shown as Unknown Publisher and there is a yellow shield presented in the Microsoft Office Customization Installer dialog box.
Phase 2. If the certificate used to sign the Office solution is in the Root store, but not the Trusted Publisher list, the Publisher is shown as Redmond\marylee and there is a green shield.
The step used to add the certificate to the Root store is the following: certmgr.exe -add good.cer -c -s -r localMachine Root
Phase 3. If the certificate used to sign the add-in is in the Root list and the Trusted Publisher list, you only see that the add-in was installed successfully.
The step used to add the certificate to the TrustedPublisher store is the following: certmgr.exe -add good.cer -c -s -r localMachine TrustedPublisher
If you have questions, visit the VSTO forum to search for answers or post new questions.
Mary Lee, Programming Writer.
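To check which of the three phases a given client will land in before deploying, the following PowerShell script (an added example, not part of the original post) looks up the signing certificate by thumbprint in the two LocalMachine stores that the certmgr.exe commands above write to. It assumes the post's scenario, where the signing certificate itself (good.cer) is what gets added to Root; the function names are hypothetical.

```powershell
# Added example (not from the original post): map a machine's store state to the post's phases.
param(
    [string]$CerPath = '.\good.cer'   # file name taken from the certmgr.exe commands in the post
)

function Test-CertInMachineStore {    # hypothetical helper name
    param([string]$Store, [string]$Thumbprint)
    # True when a certificate with this thumbprint is present in Cert:\LocalMachine\<Store>.
    [bool](Get-ChildItem -Path "Cert:\LocalMachine\$Store" |
        Where-Object { $_.Thumbprint -eq $Thumbprint })
}

function Get-OfficeTrustPhase {       # hypothetical helper name
    param([string]$Path)

    # Load the public certificate file; only the thumbprint is needed for the lookups.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList (Resolve-Path -Path $Path).Path

    $inRoot      = Test-CertInMachineStore -Store 'Root'             -Thumbprint $cert.Thumbprint
    $inPublisher = Test-CertInMachineStore -Store 'TrustedPublisher' -Thumbprint $cert.Thumbprint

    if     ($inRoot -and $inPublisher) { $phase = 'Phase 3: no prompt, installs successfully' }
    elseif ($inRoot)                   { $phase = 'Phase 2: green shield, publisher name shown' }
    elseif ($inPublisher)              { $phase = 'TrustedPublisher only: not covered by the post' }
    else                               { $phase = 'Phase 1: yellow shield, Unknown Publisher' }

    # One object per certificate so results can be collected across machines.
    [pscustomobject]@{
        Subject            = $cert.Subject
        Thumbprint         = $cert.Thumbprint
        NotAfter           = $cert.NotAfter
        InRoot             = $inRoot
        InTrustedPublisher = $inPublisher
        Expected           = $phase
    }
}

Get-OfficeTrustPhase -Path $CerPath
```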
I tried the steps above but I never get a green shield - I always get a yellow shield.
Looks like FAIL!
- Tried to reproduce your blog post with the following settings:
OS: Windows 7 x64 Professional (german)
IE Version: Windows Internet Explorer 9 Beta
Cert: VeriSign Authenticode Code Signing Certificate
VSTO: VSTO for Office 2007/2010 based on .NET Framework 4.0
What I'm still unclear about is: if I'm a VSTO add-in developer inside a domain, but I'm not the IT admin, is there anything simple I can do to achieve the middle experience?
Joe, did you ever find a solution to this? I am having the same problem; we are deploying the VSTO plugin as an .msi file. I am only getting a yellow shield on Windows 7 64-bit with Office 2007; with Office 2010 SP1, I don't get a single prompt (green or yellow).
Is there a way to avoid these prompts when you are using a certificate that is signed by a Certificate Authority without importing the certificate on client PCs?