Closed B45man closed 4 years ago
akrantz
commented
5 years ago You're not doing anything wrong but I'm not sure what causing it to not work for you.
If you run npx office-addin-dev-certs verify, does it say that you have trusted access to https://localhost?
If you run npm run dev-server, does webpack-dev-server start successfully, or does it report an error?
Also, please let me know whether you're using Mac or Windows.
B45man
commented
5 years ago Hi Adam, I'm on Windows 10. When I run npx office-addin-dev-certs verify, I get "You need to install certificates for trusted access to https://localhost." Is this the issue then probably?
denkristoffer
commented
5 years ago I've begun to see this as well. The dev certs have somehow become unusable. npx office-addin-dev-certs verify gives the same error as @B45man sees. Removing ~/.office-addin-dev-certs and recreating the certs doesn't fix it. The dev server starts just fine with the dev-server script, but I cannot actually connect to it:
akrantz
commented
5 years ago Run npx office-addin-dev-certs install. You should get the following dialog to confirm the installation:
Click yes and it should install the certificate. After that, things should work.
The error about being unable to start the dev server is likely because it is timing out waiting for the prompt.
akrantz
commented
5 years ago @B45man The dev certs have a limited expiration, and when running the dev server, it should prompt when it needs to create new certs. I think you're not seeing the prompt appear.
denkristoffer
commented
5 years ago @akrantz I've tried reinstalling the certs multiple times to no avail. The dev script also tries to reinstall them every time I run it. Is it possible that something has changed in the way you check for the the certs?
I'm on a Mac by the way, so if it wasn't for the fact that this worked just a week or two ago, I would've said that #168 might be related.
TCourtneyOwen
commented
5 years ago @denkristoffer Can you please try running 'npx office-addin-certs uninstall" and then run 'npx office-addin-dev-certs install' as @akrantz suggested? Perhaps this will get your machine back to a clean state. When you run 'npx office-addin-dev-certs uninstall' you will get prompted for an admin password. After entering the password, the certs will be removed. Then run run 'npx office-addin-dev-certs install' to install them again
DannyHinshaw
commented
4 years ago @TCourtneyOwen I'm having the same issues as @denkristoffer , I'm also on a Mac and every time I run yarn dev-server (full command below) it reinstalls the dev certs, which is really annoying because I have to go through the whole trust these certs rigamarole with my OS when I go back to Word... for every single change.
On top of that, I'm also running into the following error now when I run yarn start:
Unable to start the dev server. Error: The dev server is not running on port 3000.No clue why, it was working (though annoying) maybe a half hour ago.
Here's how those scripts are defined in my package.json.
"start": "office-addin-debugging start manifest.xml",
"dev-server": "webpack-dev-server --mode development --disable-host-check",Running npx office-addin-dev-certs uninstall did not help.
akrantz
commented
4 years ago I think you might be running into a bug on Mac when the certs are within one day of expiring. If you manually do npx office-addin-dev-certs uninstall and then npx office-addin-dev-certs install, does npx office-addin-dev-certs verify say that the certs are good? If so, then running webpack-dev-server after this should be OK.
akrantz
commented
4 years ago Also, please use npm outdated --long to see if there are newer versions of office-addin-* packages.
DannyHinshaw
commented
4 years ago @akrantz all office-addin's are up to date (have even done a full node_modules reinstall). Please see the following outputs:
$ npx office-addin-dev-certs uninstall
The CA certificate is not installed.
$ npx office-addin-dev-certs install
The developer certificates have been generated in /Users/danny/.office-addin-dev-certs
Installing CA certificate "Developer CA for Microsoft Office Add-ins"...
You now have trusted access to https://localhost.
Certificate: /Users/danny/.office-addin-dev-certs/localhost.crt
Key: /Users/danny/.office-addin-dev-certs/localhost.key
$ npx office-addin-dev-certs verify
You need to install certificates for trusted access to https://localhost.
$ npx office-addin-dev-certs uninstall
The CA certificate is not installed.yarn start still broken, yarn dev-server still working...
akrantz
commented
4 years ago Thanks for the info. I find it surprising that verify does not show it installed after the explicit install.
Run "Keychain Access" and look for the "Developer CA for Microsoft Office Add-ins" certificate. Is it there? Is is trusted?
akrantz
commented
4 years ago Using my mac machine, I had an expired certificate installed.
When I ran the verify command, it said that I did not have trusted access.
I ran the install command, and then ran verify again. I saw that it added a new cert but did not remove the old cert, and verify said that I didn't have trusted access.
I manually removed the older cert, and ran the verify command, but it still said that I did not have access.
I manually removed the new cert as well, so there were no Developer CA certs, and then ran the install command. It installed a new cert, and the verify command now says that I have trusted access.
I think that something has changed in the OS so the uninstall command isn't working right, and if it cannot remove the old cert, then verify will fail.
akrantz
commented
4 years ago @DannyHinshaw I believe the manual workaround is to run "Webchain Access" and to remove all of the "Developer CA for Microsoft Office Addins" certificates listed. Then run "npx office-addin-dev-certs install". Please let me know whether that helps solve this.
DannyHinshaw
commented
4 years ago @akrantz that unfortunately did not work :/
Edit: Oops I was only looking in the login folder. I'll browser around for more littered certs in the other folders.
akrantz
commented
4 years ago What part didn't work?
The certs are installed into ~/.office-addin-dev-certs. The uninstall command should delete them. You shouldn't have to deal with them yourself. You can validate whether the files are deleted when the uninstall command is run, and you can delete them manually if you wish. I'm more concerned about whether the keychain is updated properly or not.
DannyHinshaw
commented
4 years ago @akrantz it worked! I just had to track down all certs in Keychain Access, originally I had only checked the login folder, but the majority were in System I believe. Thanks for the help!
Guess I'll write a script to do this correctly now since office-addin-debugging apparently can't
akrantz
commented
4 years ago Danny, which OS version are you running? This obviously worked at some point, and I am wondering if something changed in the OS to break it. We'll need to figure out how to get this working again. Sorry for the difficulty here.
DannyHinshaw
commented
4 years ago MacOS Mojave Version 10.14.6 (18G95)
miacrd
commented
4 years ago I have the same issue. For me, not even manually deleting the cert files seems to be working. I'm using MacOs Catalina, Version 10.15.2.
When I use npx office-addin-dev-certs verify it says: "You need to install certificates for trusted access to https://localhost.".
When running uninstall, it says "The CA certificate is not installed." even after running npx office-addin-dev-certs install, which seems to run fine.
akrantz
commented
4 years ago @miacrd Please see comments above. If you remove all of the certs manually from the keychain, then the command can run successfully. It appears that a Mac OS change broke functionality used to find the cert in the keychain and we've not found a fix yet.
akrantz
commented
4 years ago @TCourtneyOwen Bumping visibility of this issue.
miacrd
commented
4 years ago @akrantz Yes, I tried via keychain and it worked then, I just wanted to add the extra info of the install/uninstall commands. Sorry for the miscommunication.
TCourtneyOwen
commented
4 years ago I will look into this, as I have been hitting the same issue on my Mac following the holiday break. I’ve tried numerous workarounds so far, all to no avail thus far. Unfortunately snowy weather here in Seattle may prevent me from being able to get to the office today so I can debug on my Mac. I will keep everyone posted of my findings on this thread.
TCourtneyOwen
commented
4 years ago I was working on this issue yesterday, and it wasn't until I removed a cert from Keychain --> Login --> Certificates that things started working for me again on Mac. The cert I removed was not actually named "Developer CA for Microsoft Office Addins", which is the name we look for when verifying the certs during install and uninstall. Rather, the cert was issued from Microsoft and was named something like localhost 127.0.0.1. I am wondering if some sort of previous error in the cert registration process might have caused a certificate to not be fully registered and then left me in a broken state where the cert couldn't be detected and thus not removed or removed or updated with a new expiration date.
I am investigating this some more, but at this point have lost my repro of the issue (i.e. everything is working for me now).
-Courtney
akrantz
commented
4 years ago That cert could have come from someone else. Needing a cert for localhost is a common scenario.
SaremS
commented
4 years ago Just encountered the same issue on Mac and was able to work around it with sudo for now: sudo npm start. Without the sudo, a /.office-addin-dev-certs folder wouldn't even be created and I would get the same results as https://github.com/OfficeDev/Office-Addin-Scripts/issues/190#issuecomment-557207612.
Interestingly, everything was working without sudo before.
advisoray
commented
4 years ago I ran into this issue on my Mac when my original certificate was close to expiration / already expired. The issue is that npx office-addin-dev-certs install adds a new certificate without removing the expiring one, npx office-addin-dev-certs verify fails because it only pulls the first (oldest) cert, which is expiring / has expired, and npx office-addin-dev-certs uninstall fails because there's more than one certificate with the certificate name, so it can't remove them.
After a bunch of searching, the answer is that you need to remove all of the existing certificates, including the old and new, and then try again. You can do this by running security find-certificate -c "Developer CA for Microsoft Office Add-ins" -a -Z | sudo awk '/SHA-1/{system("security delete-certificate -Z "$NF)}' from the project root directory. Once you do that, npx office-addin-dev-certs install and npx office-addin-dev-certs verify will again work.
To fix this, the install, verify, and uninstall should be updated on Mac. Install should check to see if anything with the name already exists and not install duplicate certs (because the old / expiring / expired certs won't be purged, and will continue to stick around). verify should be fixed to either ignore expired / expiring soon certs, or to possibly warn if there are multiple matching certs with the same name. uninstall should be updated to uninstall ALL of the matching name certs, using the command above.
There should also be some investigation into the npm start and npm run dev-server commands. Before I fixed the issue locally, npm start would fail when trying to bring up the web server, but npm run dev-server would bring it up just fine, and I could connect on it at https://localhost:3000. After removing all of the certs and trying again, npm start works like it should.
TCourtneyOwen
commented
4 years ago @advisoray Thanks for reporting this issue. We are aware of the problem and haven't had the opportunity to fix this yet. In fact we have a PR opened for this but it's still under review: https://github.com/OfficeDev/Office-Addin-Scripts/pull/245. I will try and set aside some time soon to look at this some more. Please feel free to make comments or suggestion on the PT.
Thanks,
Courtney
samuelkolb
commented
4 years ago @advisoray Somehow this did the trick, it deleted some certificates that did not show up when searching manually in "Keychain Access" after which everything started to work again
TCourtneyOwen
commented
4 years ago I believe this is a dupe of Issue#233: https://github.com/OfficeDev/Office-Addin-Scripts/issues/233
J0hnRoger
commented
3 years ago I just re-open this for tracking purpose: I had the same problem this morning on Windows 10:
System: Windows 10 - Pro - version 1909
npx office-addin-dev-certs install PS C:\Dev> npx office-addin-dev-certs install
npx: installed 29 in 5.412s
The developer certificates have been generated in C:\Users\jroger\.office-addin-dev-certs
Installing CA certificate "Developer CA for Microsoft Office Add-ins"...
You now have trusted access to https://localhost.
Certificate: C:\Users\jroger\.office-addin-dev-certs\localhost.crt
Key: C:\Users\jroger\.office-addin-dev-certs\localhost.keyPS C:\Dev> npx office-addin-dev-certs verify
npx: installed 29 in 2.701s
You need to install certificates for trusted access to https://localhost.
So even in Admin PowerShell , I miss the Certificate Provider
Workaround: I install PowerShell V.7.1 and set it as default powershell. Then I uninstall/install with npx office-addin-dev-certs and then, when I start the webpack server in an admin powershell 7.1 console npm start, all work as expected.
Improvment: It would be really helpful if the output of the install script would notify the error about the PowerShell function rather than fail silently
Thx for the great work on certificate
glennzw
commented
3 years ago I seem to be bumping into the same or very similar issue, but can't seem to resolve it. As others reported I was bumping into this:
$ npx office-addin-dev-certs uninstall
The CA certificate is not installed.
$ npx office-addin-dev-certs install
The developer certificates have been generated in /Users/glenn/.office-addin-dev-certs
Installing CA certificate "Developer CA for Microsoft Office Add-ins"...
You now have trusted access to https://localhost.
Certificate: /Users/glenn/.office-addin-dev-certs/localhost.crt
Key: /Users/glenn/.office-addin-dev-certs/localhost.key
$ npx office-addin-dev-certs verify
You need to install certificates for trusted access to https://localhost.
$ npx office-addin-dev-certs uninstall
The CA certificate is not installed.Opening up Keychain I had numerous certifcates for Developer CA for Microsoft Office Add-ins, dating back to 2019 when this was working fine (along with six from today as I've been battling this issue):
I deleted them all from Keychain, and then installed again:
$ npx office-addin-dev-certs install
The developer certificates have been generated in /Users/glenn/.office-addin-dev-certs
Installing CA certificate "Developer CA for Microsoft Office Add-ins"...
Password:
You now have trusted access to https://localhost.
Certificate: /Users/glenn/.office-addin-dev-certs/localhost.crt
Key: /Users/glenn/.office-addin-dev-certs/localhost.key
$ npx office-addin-dev-certs verify
You have trusted access to https://localhost.At this point, others seem to have the problem resolved, but it persists for me:
npm start
> office-addin-taskpane-js@0.0.1 start /Users/glenn/Outlook01
> office-addin-debugging start manifest.xml
Debugging is being started...
App type: desktop
The dev server is already running on port 3000.
Sideloading the Office Add-in...
Error: Unable to start debugging.
office-addin-debugging: Unable to sideload the Office Add-in.
Error: Sideload is not supported.Running the dev server with npm run dev-server works, and I can open https://localhost:3000/taskpane.html which gives me a padlock with a good certificate:
Something I just noticed is that even though even with the errors from npm start and the process exits (I'm not sure if it's supposed to), the node webserver does run in the background:
$ ps -fwwp $(pgrep node)
501 73507 1 0 2:03pm ?? 0:07.09 node /Users/glenn/Outlook01/node_modules/.bin/webpack-dev-server --mode developmentAs per the tutorial I'm following I'm expecting to get a message:
Your Outlook add-in will automatically sideload to Outlook on your desktop computer. You'll see a dialog appear, stating there is an attempt to sideload the add-in, listing the name and the location of the manifest file. Select OK, which will register the manifest.
Attempting a Manual Side Load via the web, and I actually do have success loading up the tutorial add in:
So it seems my problem has migrated to one to do with certificates, to one to do with an inability to sideload. Any help or advice would be appreciated.
twilightty
commented
3 years ago I have the same problem on Arch Linux (latest build) and I'm sideloading taskpane add-ins through web.
dgtllion
commented
3 years ago Also what it can cause the problem is that the webpack.config.js file is misconfigured.
You better try to run npm run dev-server to see what problems webpack has to run your server. ;)
twilightty
commented
3 years ago When I start the devserver, no problem happened at all ;) But I can’t load it in word btw :/
On 26 Aug 2021, at 10:37, Bogdan @.**@.>> wrote:
Also what it can cause the problem is that the webpack.config.js file is misconfigured. You better try to run npm run dev-server to see what problems has webpack to run your server. ;)
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/OfficeDev/Office-Addin-Scripts/issues/190#issuecomment-906067055, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ATE5DZ4XQ3CDOBMQM7XQTGLT6WZHLANCNFSM4IL4KQMQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email.
rubi-rastko
commented
1 month ago #!/bin/bash
if [ -f "/usr/sbin/update-ca-certificates" ]; then
echo [ -f /usr/local/share/ca-certificates/office-addin-dev-certs/$1 ] && openssl x509 -in /usr/local/share/ca-certificates/office-addin-dev-certs/$1 -checkend 86400 -noout
elif [ -f "/usr/sbin/update-ca-trust" ]; then
echo [ -f /etc/ca-certificates/trust-source/anchors/office-addin-dev-certs-ca.crt ] && openssl x509 -in /etc/ca-certificates/trust-source/anchors/office-addin-dev-certs-ca.crt -checkend 86400 -noout
fiOn Fedora 39, this ca-trust directory does not exist. The correct one is
/etc/pki/ca-trust/source/anchorsAlso
/usr/sbin/update-ca-trustdoes not exist - it is in
/usr/binAlso, to verify *.crt under /etc/pki/ca-trust/source/anchors/, permission will usually be denied (unlike install, the execSync is not wrapped in a sudo call).
I don't know how other software does it, but the target path is locked and owned by root.
The update-ca-trust should extract certs into ./ca-trust/extracted and there, files are readable by "o" and "g".
Simplest workaround would be to set as root when installing file-level permissions to 644.
rubi-rastko
commented
1 month ago After this, npm run start works, because it can verify and not need to install certs.
rubi-rastko
commented
1 month ago @akrantz might be relevant to other *nix systems
I'm going through the tutorial to build my first Outlook add-in. I am on Windows 10, and am using the Yeoman generator to create an Angular app:
https://docs.microsoft.com/en-us/outlook/add-ins/quick-start?context=office%2Fdev%2Fadd-ins%2Fcontext&tabs=yeomangenerator
Everything is going well until I get to this step:
If I run npm start, I get this output:
What am I doing wrong?