I have both VS2008 and VS2010 Setup projects that create .MSI files. On server 2008, I get warnings that the apps are not "trusted". How can I bake-in trust for the apps I build with Visual Studio?
Thanks.
I think they have to be digitally signed.
You need to get a software publisher certificate to sign your msi with. You can purchase one from Verisign or GoDaddy.com or others.
Here is a link to one option: http://www.godaddy.com/ssl/code-signing-certificate.aspx
Related
I have a C# Visual Studio 2013 solution (FindAlike) consisting of a number of projects. One of these projects (SimilarFiles) is a class library, including an AddIn Express component, as it implements an MS Office Add-in. When I publish the project as a ClickOnce installer an MS Add-in, a folder is created in the projects Publish folder with the version number of the project containing many files with extension .deploy. Also in the folder above are a file called findalike.application and one called setup.exe. If I copy the contents of the Publish folder to a new machine I can install the MS Add-in by clicking on findalike.application, but I receive a warning about an unknown publisher. If I confirm installation it proceeds satisfactorily.
I have a valid code signing certificate purchased from Comodo, which I use successfully with SignTool to sign a Windows Forms self-extracting installer from another project in the solution.
The option to sign the ClickOnce Manifest in the SimilarFiles project is greyed out, presumably because SimilarFiles is a class library project.
I can specify a code signing certificate by right-clicking on the SimilarFiles project and hovering over the Add-in Express entry and then selecting Signing Options, but the warning message still appears when I attempt the installation on a new machine
How can I use the code signing certificate in order to indicate to the ClickOnce installer on the new machine that the manifest is signed?
Signtool does not work on the setup.exe file, stating that it is not a valid Windows executable. Neither does it work on findalike.application
There is a Signing area on the VS Publish form which I'd missed. If I browse for my Code Signing Certificate (.pfx extension) and select SHA-1 only it signs OK, and install proceeds without warning. Thanks to Add-In Express for this solution.
I'm using Visual Studio 2013 professional and InstallShield 2015 Limited Edition.
I have a SafeNet stick and I know how to sign files from the command line.
My Visual Studio solution contains 4 projects: unmanaged Dll, managed Dll (wrapper around the first one), wpf application and an installshield setup project.
My setup output is singleimage (setup.exe file) that contains everything what I need to run and use my application.
The question: how can I define installshield to sign ALL needed files and a setup.exe itself?
Google is not answering my question :(
Ok, I found the part of the solution.
1) In Release section of the setup project (in solution explorer) click on the SingleImage section.
2) At the right section you'll see three tabs, the last one is Signing tab.
The problem is that you need to provide the pfx file.
Creation this file from the SafeNet usb stick is my problem now :)
UPDATE:
My suggestion is to sign the files in post build events in Visual Studio Project properties.
After that sign the setup file and that's all.
I'll try avoid of using InstallShield builder :(
I have tried the following on a C#-based Outlook addin called myaddin following this article:
mage –update myaddin.manifest –certfile mycert.pfx
mage.exe –update myaddin.vsto –appmanifest myaddin.manifest –certfile mycert.pfx
I can install it by manually creating registry keys that specify the path to myaddin.vsto with the supplied |vstolocal suffix under Software\Microsoft\Office\Outlook\Addins\myaddin and it works to install and run myaddin that way, however, some customers complain that when they run Outlook it starts the ClickOnce installer for myaddin.vsto and gives an error, but this should not happen with |vstolocal.
I was able to reproduce this problem by double-clicking myaddin.vsto, so I checked the myaddin.dll.manifest file and saw that there was a ClickOnce developer certificate referenced there. Could it have been confusing Outlook? I was able to get rid of this ClickOnce developer certificate reference by using a newer .NET 4.5 version of mage.exe to update the manifest. Now, if I double-click myaddin.vsto, it says that the publisher is not verified and gives me an install button.
Is this the proper way to go about the signing process and the installation process of an Office addin? Why does it complain that the publisher is not valid?
What is the version of VSTO on your development machine ?
Ensure that it is at the least 10.0.50903
I've made an application with test certificate and installer(with InstallShield limited edition).
In signing option of my project I've chosen options
* Sign the ClickOnce manifests,
* Sign the assembly.
In the installer project in signing tab I've chosen the same digital certificate file, entered password, and option sign output files : Setup.exe and Windows Installer Package.
Option Sign Files in Package is not available. So after installing my program, only Setup.exe and msi file are signed. How to make another exe files and assemblies with digital signature?
If you are referring to the assemblies you are installing, you need to sign them before building the installer. Visual studio can sign, or you can set up a post build step to sign them manually with signcode.
I recommend visual studio.
http://msdn.microsoft.com/en-us/library/9sh96ycy(v=vs.80).aspx
http://msdn.microsoft.com/en-us/library/ms247123(v=vs.90).aspx
I was under the impression that when I sign both the ClickOnce manifests and the assembly in VisualStudio that I would see the publisher name when starting the exe and it requests permissions, but after building the project the Publisher is still missing
What am I missing here? Visual Studio does not complain about my cert and it looks like it imported it correctly showing the correct info
Issued To
Issued By COMODO
Intended Purpose .. etc
Edit: Managed to find this, this may already help Unknown Publisher still appears on correctly code-signed VSTO addin built with VS2010
I believe the answer to my problem is mageUI.exe or mage.exe
mageUI.exe allows to add a default signing cert to manually sign the manifest
http://msdn.microsoft.com/en-us/library/xhctdw55(v=vs.110).aspx
I was under the impression that VisualStudio would automatically do this, but its either not working for me or it was not intended to work this way