The Phases of the ClickOnce Trust Prompt (Mary Lee)

Signing your Office solutions with a certificate is a mandatory step, but there are several optional steps that can change the way the certificate is presented to the end user or customer.

This example uses a Visual Studio generated test certificate, but the dialog box is similar to what you would see if you are using a purchased code-signing certificate. These steps are listed in the How to: Add a Trusted Publisher to a Client Computer for ClickOnce Applications topic in the MSDN Library and assumes that the ClickOnce Trust Prompt and inclusion list are enabled as outlined in How to: Configure Inclusion List Security

Phase 1. If the certificate used to sign the Office solution is not added to the Root or the TrustedPublisher stores, the Publisher is shown as Unknown Publisher and there is a yellow shield presented in the Microsoft Office Customization Installer dialog box.

clip_image002

 

Phase 2. If the certificate used to sign the Office solution is in the Root store, but not the Trusted Publisher list, the Publisher is shown as Redmond\marylee and there is a green shield.

The step used to add the certificate to the Root store is the following: certmgr.exe -add good.cer -c -s -r localMachine Root

clip_image002[5]

 

Phase 3. If the certificate used to sign the add-in is in the Root list and the Trusted Publisher list, you only see that the add-in was installed successfully.

The step used to add the certificate to the TrustedPublisher store is the following: certmgr.exe -add good.cer -c -s -r localMachine TrustedPublisher

clip_image002[7]

 

If you have questions, visit the VSTO forum to search for answers or post new questions.

 

Mary Lee, Programming Writer.