When I am installing my customized Word add-in on a client machine, it gives this warning: "Unknown Publisher: Install or Don't Install".
How do I get rid of this warning?
The certificate you create (a temporary one) is only valid for your computer.
To get rid of "unknown publisher" you need to sign your add-in with a code signing certificate purchased from a trusted authority. To buy one you'll need to contact that authority, and prove your identity.
A list of code signing authorities can be found, for example, in this topic:
https://stackoverflow.com/questions/1077800/which-code-signing-authority-should-i-go-with
Related
We have an application where we use several PowerShell scripts. We received a complaint that they aren't signed and can't be run under the strictest Execution Policy - AllSigned.
I signed them with our certificate, issued by a well-known issuer, via signtool, as we do for DLLs and the exe app, but even after that there is an issue: if I try running the script, I get this warning:
Do you want to run software from this untrusted publisher?
It's signed by a certificate issued by a known CA (Sectigo). The only way I can get rid of this warning is to add the certificate to Trusted Publishers. It's not good for customers to do those steps (but maybe it's a necessary security step). Note: With the same certificate, we sign the exe app and it works fine and Windows doesn't complain. (Looks like PowerShell policies are stricter.)
Is it possible to somehow avoid getting this warning on the customer side without manually adding our certificate to Trusted Publishers? It looks to me like it is not possible.
What I've found out so far:
I've searched across the internet and it looks like there is no solution for that. Even if I use a PowerShell script signed by Microsoft Corporation, I get the same warning unless I add the certificate to the Trusted Publishers folder.
Also, HP, for example, directly recommends adding the certificate manually to the cert store.
The documentation about execution policies says in the AllSigned section: Prompts you before running scripts from publishers that you haven't yet classified as trusted or untrusted.
From all this information, I take it that there is no way to avoid getting this warning on the customer side without adding the certificate to the cert store. I just want to assure myself I'm right.
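The check discussed in this question, as an added example that is not part of the original post: it reports whether a script's Authenticode signature is valid and whether the signer is already in a Trusted Publishers store, which is the condition the quoted AllSigned documentation ties the prompt to. The function name and the `Deploy.ps1` path are hypothetical.

```powershell
# Added example (not from the original post). Function name and paths are hypothetical.
function Test-PublisherTrust {
    param([Parameter(Mandatory)][string]$ScriptPath)

    # Signature status as PowerShell itself evaluates it (Valid, NotSigned, HashMismatch, ...)
    $sig    = Get-AuthenticodeSignature -FilePath $ScriptPath
    $signer = $sig.SignerCertificate

    # Trusted Publishers exists per user and per machine; either one counts
    $stores = 'Cert:\CurrentUser\TrustedPublisher', 'Cert:\LocalMachine\TrustedPublisher'
    $trusted = $false
    if ($signer) {
        $trusted = [bool](Get-ChildItem -Path $stores |
            Where-Object { $_.Thumbprint -eq $signer.Thumbprint })
    }

    [pscustomobject]@{
        Path                = $ScriptPath
        SignatureStatus     = $sig.Status
        StatusMessage       = $sig.StatusMessage
        Signer              = if ($signer) { $signer.Subject } else { $null }
        Thumbprint          = if ($signer) { $signer.Thumbprint } else { $null }
        InTrustedPublishers = $trusted
        # A valid signature from a publisher not yet classified as trusted is the
        # case the AllSigned documentation quoted above says will prompt.
        PromptExpected      = ($sig.Status -eq 'Valid') -and (-not $trusted)
    }
}

# Usage on a hypothetical script:
# Test-PublisherTrust -ScriptPath .\Deploy.ps1 | Format-List

# Scripted form of the manual step described in the post (elevated session,
# publisher certificate exported to a .cer file beforehand):
# Import-Certificate -FilePath .\publisher.cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher
```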
Our company uses exclusively Apple devices. At the same time we use Microsoft 365. Using S/MIME on the desktop works but using S/MIME with Outlook for iPhone leads to Outlook for iPhone complaining about the certs not being valid. Earlier certs were rejected with the error message "unable to build chain" (or similar). It hints to Outlook for iPhone not being able to build the chain of trust because of missing root and intermediate CA certs.
I tried importing those as PEM or DER without success. I built the trust chain by concatenating the certs and converting all together into P12/PFX but to no avail.
Reading encrypted mails does work by the way, sending does not.
Microsoft's support now suggests exporting the trust chain as a Microsoft Serialized Certificate Store (SST extension), but that requires an MMC with the certs snap-in. For my own cert I could do that by using a VM, but we have more employees than just me. I found several hints at using PowerShell for that, but all guides online only explain how to do that using the MMC.
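A PowerShell route to the SST file without the MMC, as an added example that is not part of the original post: it builds the chain for one certificate in the current user's store and writes the issuing certificates to a single SST file with `Export-Certificate -Type SST`. It assumes a Windows machine with the PKI module, that only the root and intermediate certificates belong in the file, and a hypothetical function name, thumbprint and output path.

```powershell
# Added example (not from the original post). Function name, thumbprint and
# output path are placeholders.
function Export-IssuerChainToSst {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,   # leaf S/MIME certificate
        [Parameter(Mandatory)][string]$OutFile       # e.g. C:\temp\issuers.sst
    )

    $leaf = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint"

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Only the chain structure is needed here, so skip revocation lookups
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    if (-not $chain.Build($leaf)) {
        # Surface the reason instead of exporting an incomplete chain
        $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation.Trim() }
        throw "Chain for '$($leaf.Subject)' did not build"
    }

    # Element 0 is the leaf; the remaining elements are intermediates and the root
    $issuers = @($chain.ChainElements | Select-Object -Skip 1 |
        ForEach-Object { $_.Certificate })
    if ($issuers.Count -eq 0) {
        throw "No issuer certificates found for '$($leaf.Subject)'"
    }

    # All certificates piped in end up in one serialized store file
    $issuers | Export-Certificate -FilePath $OutFile -Type SST | Out-Null
    $issuers | Select-Object Subject, Thumbprint, NotAfter
}

# Usage with a placeholder thumbprint:
# Export-IssuerChainToSst -Thumbprint '<THUMBPRINT>' -OutFile C:\temp\issuers.sst
```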
I'd like to automate the task of requesting client certificates from the CA attached to our Active Directory. Currently, I use certmgr and click "Request New Certificate" from the menu and do several other selections, including selecting an appropriate policy.
Surely, PowerShell can help me with this, as I already use it to get rid of old certificates. Is there a module which can be used for this or does PowerShell 3 cover this out-of-the-box?
I think certreq could be what you are looking for.
Certreq can be used to request certificates from a certification authority (CA), to retrieve a response to a previous request from a CA, to create a new request from an .inf file, to accept and install a response to a request, to construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a cross-certification or qualified subordination request.
Then there is another useful utility when dealing with certificates in Windows: certutil.
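The certreq sequence this answer points to (new request from an .inf file, submit to the CA, accept the response), as an added example that is not part of the original answer. The function name, subject, template name and CA config string are placeholders to be replaced with the values of the actual AD CS environment.

```powershell
# Added example (not from the original answer). Subject, template and CA
# config string are placeholders.
function Request-ClientCertificate {
    param(
        [Parameter(Mandatory)][string]$Subject,     # e.g. 'CN=placeholder-user'
        [Parameter(Mandatory)][string]$Template,    # certificate template name on the CA
        [Parameter(Mandatory)][string]$CaConfig,    # 'CAHostName\CAName'
        [string]$WorkDir = $env:TEMP
    )
    $inf = Join-Path $WorkDir 'client.inf'
    $req = Join-Path $WorkDir 'client.req'
    $cer = Join-Path $WorkDir 'client.cer'

    # Request policy: user-context key, not exportable, PKCS#10 request
    @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "$Subject"
KeyLength = 2048
Exportable = FALSE
MachineKeySet = FALSE
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = "$Template"
"@ | Set-Content -Path $inf -Encoding ASCII

    # 1. Generate the key pair and the request file
    certreq.exe -new $inf $req
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }

    # 2. Submit to the CA. If the template needs manager approval the request
    #    stays pending and the response has to be fetched later with certreq -retrieve.
    certreq.exe -submit -config $CaConfig $req $cer
    if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed ($LASTEXITCODE)" }

    # 3. Install the issued certificate and bind it to the pending private key
    certreq.exe -accept $cer
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed ($LASTEXITCODE)" }
}

# Usage with placeholder values:
# Request-ClientCertificate -Subject 'CN=placeholder-user' -Template 'PlaceholderTemplate' -CaConfig 'CAHOST\CA-NAME'
```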
I cannot add any certificates on AS2 messages in BizTalk.
So here's what I have for the moment (I have installed 2 certificates on the BizTalk machine using the same account as the one under which the Host Instance is running).
The 2 certificates are the following and placed in the locations:
\Personal\Certificates - My own certificate 'pfx'.
\Other People\Certificates - Party certificate 'cer'.
So much for importing the certificates.
Now, when in BizTalk Administration, I go to Parties and I go on the agreement between the parties. In that window I go down to 'Signature certificate' and I check "Override group signing certificate". Then when I click "browse" I see:
"No certificate available."
"No certificates meet the application criteria".
Any idea on what's wrong here?
I've found it. The certificates should be installed under the same instance that the BizTalk Administration Console is opened. Otherwise the certificates could not be found.
I'm creating a new CSR (Certificate Signing Request) using the Keychain Access tool:
Certificate Assistant -> Request a certificate from a certificate authority...
In the certificate information I fill in my email address and name,
selecting the "Save to disk" option.
I save the CSR to the desktop
The wizard completes successfully, but no file is saved to disk!
I've done this before, but this time it just isn't working. I tried restarting the Keychain tool, restarting the computer, no luck.
Any ideas?
You have an existing private key selected in the main window of Keychain Access. That is also why it says "Request a certificate from a certificate authority using {some id}" in the menu. Deselect the private key by selecting something else, and then it will work. Apple, if you're reading this, you need an error message at the end of the sequence described above.
I had the same problem. I noticed (after reading the first answer above), that I had the Keys category selected. I then selected the Certificates category, ensured I did not have any of the available Certificates selected, and I started my request and this time it worked like a charm.
Had the same problem. Here's the solution (for me at least).
You can have only one developer certificate installed on one machine - delete your old certificate from the keychain and you will be able to create the new one normally.