How to correctly sign VSTO app?

2
votes

I have a question related with code signing.

I have EV Code Signing certificate and crypto card. Usually when I sign exe or msi I use VS Command Prompt and SignTool but in case of VSTO SignTool does not recognize the file format.

I've created VSTO Excel 2010 addin (with compatibility with Office 2010, 2013 and 2016) and whole app packed into Windows Setup Project => msi.

I can sign msi using SignTool so during installtion the publisher is Windows prompt is safe/known. But then when I start Excel there is a prompt to install addin as it is from unknown publisher...

I've tried to use mage to update .vsto and .manifest files but with no success -> mage could not use this certifiacte to sign error and nothing else ...

Thanks in advance for any tips how to sign vsto using EV Code Signing with password.

1
exceldeploymentvstosigning

1 Answers

2
votes

Ok, so I figured out problem...

Deployment machine - Windows 10 build 15063.296 (64-bit) Visual Studio 2017 EV Code Signing Certificate

Steps to undertake:

  1. Update Visual Studio to version 15.5.

  2. Open solution.

  3. Clean solution.

  4. Switch off all things from usb ports...

  5. Switch on crypto card USB.

  6. Right click on project.

  7. In signing check the Sign the ClicOnce Manifest.

  8. Select From Store and select Your EV certificate.

  9. Build solution - You should get prompt for password to Your crypto card.

In my case solution was deployed using Windows Setup Project. So:

  1. Build setup project - You should also get prompt for password to Your crypto card.

  2. Open Developers command prompt and use SignTool.exe to sign .msi with EV certificate.

As a result Your installer is signed and You are trusted publisher. When You open Office then Your add in is also from trusted publisher.