I created a VSTO Excel Add-in ribbon. That I published to setup.exe. But when the end user tries to install it, it fails with this error:
Customized functionality in this application will not work because the
certificate used to sign the deployment manifests for [Add-In] or its
location is not trusted. Contact your administrator for further
assistance.
I can install the Add-In by doing the following.
Unzip and right click on “setup.exe” and select properties
Click on Digital Signatures tab
Select [issuer] from the Signature list and click the Details button
When the Digital Signature Details dialogue appears, click View Certificate
When the Certificate dialogue appears, click on Install Certificate
The Certificate Import Wizard window should appear. Choose the following:
a. Store Location: Current User, click the Next button.
b. Certificate Store: Place all certificates in the following store, Click Browse, select Trusted Root Certification Authorities, click the Next button.
c. Click the Finish button.
d. A security Warning should appear asking “… Do you want to install this certificate?” Click Yes.
e. Click OK. On the “The import was successful.” Dialogue.
Click OK to exit the Certificate dialogue
Click OK to exit the Digital Signature Details dialogue.
Click OK to exit the setup Properties dialogue.
then I run the setup and all works. The problem is we must send this setup file to many users. and NO ONE will want to do that. I've been messing around with the solution properties -> Signing -> Sign the ClickOnce manifests, but I can’t seem to bring up the Trust Prompt on anything I alter. I don’t have a paid for certificate, I just need the prompt to appear for the user to choose to trust it. I haven’t found an answer online on how to allow this prompt to appear. Any help is greatly appreciated.
You can deploy your VSTO to the Program Files directory. Your add-in will be considered as being safe since admin rights are required to install in this directory. I believe it is the simplest way.
Granting Trust when using Windows Installer You can use Windows Installer to create an MSI file to install Office solutions into the
Program Files directory, which requires administrator rights. For
Office solutions in the Program Files directory, the Visual Studio
2010 Tools for Office Runtime considers these Office solutions to be
trusted and does not show the ClickOnce trust prompt.
source msdn
If you give it a second thought, this feature (certificate signing) is designed to specifically disable your scenario. Means, it is built to prevent users from installing non-signed add-ins downloaded from the internet.
I think, if you have so many users which are not in your organisation (so that "correct" certificate cannot be installed centrally), the only reasonable way to overcome this is to buy a certificate from some authority (to pass organization or identity validation). It's not really expensive, and will ensure your users that the thing they are installing is really coming from you.
Related
I am developing a clickonce C sharp project in Visual Studio.
On my main computer, I have generated a self-signed certificate for the clickonce manifest.
This works fine, I can compile, deploy and run.
I also sync this solution to my github account, and regularly pull updates down to a backup computer.
The backup computer is not able to simply compile this solution, as it gives errors in regards to self-signed keys.
I could generate a new one on the backup computer, but then when I deploy to same testbed, it causes issues because the certificate is from a different location.
I want to quickly be able to deploy from the backup computer in the event that there is an issue with the main.
How can I share the main computer's generated certificate with my backup environment without issue?
My apologies if this is straightforward or I am missing something obvious.
Run certmgr.msc (user) or certlm.msc (computer) and look in My Certificates for the certificate. Right click it an check if you can export it with the private key resulting in am PFX file (PKCS#12).
If this is not possible generate a new one with the -ExportPolicy Exportable option.
Can anyone help me create a certificate to use with the new version of Remote Desktop Connection Manager v2.7? I see the new version removed the "Store as plain text" option, but added using a certificate to the list.
I was wondering if anyone knew how to create a certificate (self-signed or whatever) that I could install on both computers to allow me to pass the config file between machines. I haven't been able to find anything online!
Thanks in advance.
If you in Remote Desktop Connection Manager click on the Help menu, and Usage, you will see a web page. On the Contents list, click on Encryption Settings (Under Local Options). There you will see how to create a personal certificate that RDCMan can use.
You will first need to get makecert.exe if you don't have it on your computer. You can get it by installing Windows SDK or Visual Studio.
I need to demonstrate a test version of my app. I DON'T want to load it to the store yet. I want create an installer of my app, so the user can go to my site and install the application by clicking.
First of all, have you read the documentation including developer installation, enterprise installation, publishing on the Web Store only to test accounts, and recent announcements of changes? Assuming you have, then with the exceptions listed in those sources, all apps/extensions must be published in CWS. They don't have to be listed publicly, but they do have to be published there.
Your best bet is to use the test-account feature of CWS for your demonstration.
This is very easy, yo can create the installer vía chrome://extensions > Developer Mode > Package extension.
Then you got the .crx file, you can upload it anywhere and share it. To install it, user must open chrome//extensions and drop the file in the page.
The option to install from webpage by clicking was disabled in Chrome for security reasons.
I work at a company who does 3rd party iOS development for various enterprises. I've been tasked with researching a better way to build and deploy code to these enterprises. Based on the Apple TOS, they cannot use an application signed with our Enterprise certificate (they're not "in house"). The code needs to be signed with their (our clients) Enterprise certificate. Here are a few possible solutions I've seen -
1) Send the code to the client, and have the client build it. This is a no-go.
2) Create a library with the application code and send the .so file, and the headers, to the client for building. We're currently doing it this way but are looking at making this easier on the client/us.
3) Have the client send us their certificate, mobileprovision, and .p12 file and then we build the application using their certificate. This could work but could become a management nightmare.
We've come up with an idea that is kind of a mix of these ideas. The idea involves building a customer portal where the client can upload their files (cert, p12, provision) to our Mac server and the Mac will automagically build their application, properly signed. The problem I'm having, however, is I can't seem to find out how to automate the installation of certificates and provisions.
So with that said, does anyone know of a way to install a CodeSign certificate (with a .p12 file) and a mobile provision file from the command line? Once installed is there also a way to remove the items from the command line?
Any help, ideas, and/or input would be greatly appreciated. Thanks!
You should be able to manage those resources in the keychain using the security (http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man1/security.1.html) command. The script I'm using to control command line builds might be a useful reference: https://gist.github.com/949831
Admittedly I've only ever had a maximum 2 external clients plus my own stuff at one time, so it was mostly only the same nightmare that it usually is by default, but how bad would it be if you had to manually do everything EXCEPT the provisioning profiles? In my experience once the client certs got added I never really messed with them again even with new projects (from the same clients.)
You could handle the provisioning profiles by simply copying the files into ~/Library/MobileDevice/Provisioning Profiles, and deleting them when no longer needed. It sounds like you are already set up to automate that process.
If you're currently installing the provisioning profiles by "dropping them onto xcode" I'd suggest you do it by copying into the folder anyway, because then the file names are preserved and so you actually can tell what you have installed by simply looking at the folder.
I have a smart client app (WinForms/WPF) currently deployed using ClickOnce.
A particular client has expressed the desire to silently deploy the app to it's intranet network users as part of its nightly/weekly client PC update service - presumably via MS Systems Management Server (SMS) and Group Policy or similar (I don't understand the exact mechanisms). As such, they've requested a .MSI installer instead.
So a few questions for confirmation (along with my thoughts on answer - am more than happy to be wrong!):
Can a ClickOnce app be silently installed en-mass by admin???
My thoughts: No, because ClickOnce is a per-user installation this would be difficult unless the user is actually logged in at time of remote installation.
Is there a tool to convert a ClickOnce app/project's settings to a simple MSI installer project (e.g. Visual Studio Deployment Project)???
My thoughts: Not in the box, but would love a tool to repeatedly copy/use settings from the ClickOnce config to the deployment project - e.g. ProductName, Version, File Associations etc. This way we only maintain one set of deployment settings.
Any other alternatives for this scenario to get 'er done quick...?
I don't think you can install a ClickOnce application silently, certainly not with SMS. And I don't know of any tool that does that, but it doesn't mean it doesn't exist. ;-)
The idea of deploying a shortcut is an interesting thought. Have you ever noticed that if you leave a shortcut on the desktop even after the application is uninstalled, if the user clicks on it, it reinstalls the application?