Windows Develop Bookmark and Share   
 index > ClickOnce and Setup & Deployment Projects > VSTO ClickOnce Installation and Certificate Chaining
 

VSTO ClickOnce Installation and Certificate Chaining
Hello,

I am trying to install a VSTO Office 2007 Add-In using ClickOnce deployment (from VS2008). I am having a problem getting the ClickOnce installer to correctly identify the publisher. I am signing both setup.exe and the ClickOnce manifest with a trusted certificate issued by Thawte. Setup.exe displays the publisher information correctly when run, but once the .vsto (clickonce manifest) is launched to begin the add-in installation, the publisher is shown as "Unknown Publisher" on a clean computer.

The Thawte certificate uses an intermediate certificate to chain to the the trusted root CA. It seems that in VS2005 there was a bug that did not include chaining information for ClickOnce manifests and the information I found from searching around mentioned that it should have been fixed in VS2008. This doesn't seem to be the case for me. Is there a fix for this? I cannot install the intermediate certificate prior to launching the installation since I will not have access to users' computers.

Thanks in advance,
Tony
Tony Cass  Thursday, March 19, 2009 8:54 PM
Hey there,

I am having exactly the same issue as described above. I am also using a Thawte certificate.
Has anyone been able to resolve this issue?

Thanks,
Nic
NicHanafey  Monday, September 21, 2009 9:37 AM

Here is a link to a posting that explains what's going on.It's just a bug in the dialog; I believe the installation should work okay.

http://social.msdn.microsoft.com/Forums/en-US/winformssetup/thread/13876bb8-7dbb-4df1-93f8-70ff467ffd4b

RobinDotNet
Click here to visit my ClickOnce blog!
RobinDotNet  Monday, September 21, 2009 11:30 PM
I talked to someone at Microsoft today. They are not fixing this in .NET 4.0. Just FYI.

RobinDotNet
Click here to visit my ClickOnce blog!
RobinDotNet  Wednesday, September 23, 2009 1:27 AM

Okay, I was wrong. This is NOT just a bug in the dialog.

There's a problem with ClickOnce for VSTO in how it handles chaining in intermediate certificates.

http://support.microsoft.com/kb/970682

There are two things you can do apparently. The easiest thing is to install the certificate on the client computer.

http://msdn.microsoft.com/en-us/library/ms172241.aspx

The second one is uglier, and I'd go with #1 if I were you.
Edit the registry (yeah, see, I told you it was uglier).
Look for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel
Change the value for "Internet" from "AuthenticodeRequired" to "Enabled".
If you do this, they will be able to install the VSTO application even though it says "Unknown Publisher."
Of course, they will be able to install ANY VSTO application from ANYWHERE. (Yikes!)

RobinDotNet

Click here to visit my ClickOnce blog!
RobinDotNet  Friday, September 25, 2009 3:06 AM

You can use google to search for other answers

Custom Search

More Threads

• ClickOnce Install Cant Find Included Data File
• ClickOne only support install in c:\Documents and Settings\<User>\Local Settings
• Setup needs to uninstall previous
• publisher for signed clickonce applications
• ClickOnce and "satellite" files
• ClickOnce installing in Documents and Settings\{user}\Local Settings\Apps\...
• How to get localization property of Visual Studio Setup project programmetically?
• ShellExecuteEx failed with error code 1155
• ClickOnce update runs old version
• How to merge two different solution into single install file.
Home          Copyright 2009-2010 by windowsdevelop.com All rights reserved