I'd like to package ("publish" in Visual Studio menu) Microsoft Office Addin VTSO without signing.
The reason is that I'd like to use other digital signing server, which requires unsigned executable.
Is there anyway we can publish (make installer package) as unsigned?
In Visual Studio 2017, there's project properties. Signing tab has the information. Checkbox "Sign the ClickOnce manifest" is the default checked and can be unchecked.
But when I build or publish, the checkbox get checked again automatically.
I'm not sure if it is limited by Office Addin case, but following is using statement:
using System;
using System.Collections.Generic;
using Excel = Microsoft.Office.Interop.Excel;
using WebSocketSharp;
using Newtonsoft.Json;
using System.Diagnostics;
using System.Runtime.InteropServices;
using ComTypes = System.Runtime.InteropServices.ComTypes;
using System.Globalization;
It is for Excel, but I have same problem with PowerPoint and Word.
Expected result can be verified in Explore's File Properties on published setup.exe file.
Right click on setup.exe file and select Properties.
Expected (Not signed): There's no "Digital Signature" tab in dialog.
Actual (Signed) There is a "Digital Signature" tab in dialog.
I think before this point, the Checkbox "Sign the ClickOnce manifest" should not be checked automatically. But it does.
This has been discussed before Here.
Unfortunately it doesn't look like they have changed much in respect to this security feature since VS2008.
A brief read over Microsofts VS2017 Docs will show the following:
Signing the ClickOnce manifests is optional for .exe-based applications. For more information, see the "Generate unsigned manifests" section of this document.
.....But as Tamas Czinege points out in the related discussion .dll's must be signed. Seeing as VSTO is in the form .dll it will require a signature. I would suggest using a test cert and replacing if possible.