Search code examples
c#vstoclickonceoffice-addinsexcel-addins

How To Properly Sign And Deploy VSTO Addin

I have developed a vsto excel addin.

this is what i do to deploy it on a new pc.

  1. copy all the files to local computer/folder

here is my folder structure: Folder Structure

then i added following info to registry:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Excel\Addins\Bill Generator For Quickbooks]
"Description"="Bill Generator For Quickbooks"
"FriendlyName"="Bill Generator For Quickbooks"
"LoadBehavior"=dword:00000003
"Manifest"="file:///c:\Users\SiamIT-VMW7\Desktop\redist\Bill Generator For Quickbooks.vsto|vstolocal"

then when i run/open excel, it shows following warning window (as the file(s) is not signed). And if i click "install" it does and works as it should

Unknown Publisher

As i like to remove that warning i have signed the manifest and vsto file using mage utility. but excel throws following error if i try to run using signed version ?!?

Manifest Error

what i am missing here then? what is the correct approach to avoid that warning window?

thanks in advance

best regards

Solution

  • After quite some research i found the solution..

    that error was showing as i sign both files (the manifest and the vsto) using maze -sign command. but that is not the correct procedure..

    1st i need to sign the manifest file using maze -sign command

    And then i need to sign the vsto file using maze -update command so that maze can add the signed manifest hash in vsto file so that it can be matched by excel.

    here is the example command line codes to sign the manifest:

    mage.exe -s "Bill Generator For Quickbooks.dll.manifest" -a sha256RSA -ch [My Certificate Hash] -csp "[My Certificate Service Provider]" -kc [My Certificate Key Container] -TimeStampUri [My Certificate Provider Timestamp URL]

    And Here is the example command line codes to sign the vsto file using update command

    mage.exe -u "Bill Generator For Quickbooks.vsto" -appmanifest "Bill Generator For Quickbooks.dll.manifest" -a sha256RSA -ch [My Certificate Hash] -csp "[My Certificate Service Provider]" -kc [My Certificate Key Container] -TimeStampUri [My Certificate Provider Timestamp URL]

    and when i add this way signed files to the deployment it works nicely!

    here is the screenshot how it looks like:

    Verified Publisher

    I posted my own answer with a thought that it may helps someone some day :)