Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.0k views
in Technique[技术] by (71.8m points)

add in - Unknown Publisher still appears on correctly code-signed VSTO addin built with VS2010

I have a OneClick Deployed VSTO Addin that I have signed with a up-to-date Verisign code-signing certificate (PFX). I have verified that I am signing correctly with Verisign support on the phone – they concur. I am building with VS2010. Nonetheless, the Addin shows “unknown publisher” when I try to install.

Why?

How can I replace “Unknown Publisher” with the name of the Publisher on the PFX certificate?

This is what I have done to try to solve the problem to date:

  1. Found this question about “Unknown Publisher” issue on Addins. The accepted answer to that question discusses using mage.exe to sign the deployment and application manifests.

  2. I used mage.exe to apply the PFX signature to both the application and deployment manifests to no avail; “Unknown Publisher” still shows when I install the Addin. Only then did I see a comment by a MS program manager on the page of the last link that VSTO Addin's built under 2008 or earlier do not read either the application or deployment manifests.

  3. Then I saw the same MS program manager's comment at bottom linking to this page and asserting that starting in VS2010 that VSTO Addin's with Publisher specified as given in the linked page will now have their manifests read and the correct Publisher name displayed upon Addin installation.

I have done all this and the publisher on my correctly code-signed OneClick Deployment still shows “Unknown Publisher” - why?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Follow these steps:

  1. Install the certificate on your local machine. In Windows Explorer right-click the certificate file, select Install PFX, and follow the instructions.

  2. Ensure the VSTO project manifest and assembly are signed. In the VSTO project's properties on the Signing tab, "Sign the ClickOnce manifests" should be checked (if not, select your PFX file). "Sign the assembly" should also be checked and using the same PFX file.

  3. After publishing the VSTO, you'll need to sign the manifest and the published .vsto files from the command line. You will also need to copy the .dll's from the bin to your published folder before you run mage.exe (to avoid "File Not Found" errors). I highly recommend signing both .vsto's for safety's sake. Here is the command line code to perform these steps:

-

set AppPublishPath=binReleaseapp.publish
set AppPublishVersionPath=binReleaseapp.publishApplication FilesMyProjectName_1_0_0_0

set CertificatePath=C:SignedCertificate.pfx
set CertificatePassword=password

copy bin*.dll "%AppPublishVersionPath%"

mage -update "%AppPublishVersionPath%MyProjectName.dll.manifest"  -certfile "%CertificatePath%"  -Password %CertificatePassword%
mage -update "%AppPublishVersionPath%MyProjectName.vsto"  -appmanifest "%AppPublishVersionPath%MyProjectName.dll.manifest" -certfile "%CertificatePath%"  -Password %CertificatePassword%
mage -update "%AppPublishPath%MyProjectName.vsto"  -appmanifest "%AppPublishVersionPath%MyProjectName.dll.manifest"  -certfile "%CertificatePath%"  -Password %CertificatePassword%

See Nathan's comment below about a possible additional step.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...