colosso / Signature-Manager

Small addin to manage digital signatures in Outlook.
GNU General Public License v3.0

can't install the add-in #2

Open smonca opened 7 years ago

smonca commented 7 years ago

During installation I receive the following error message: [image]

```
** Exception Text **
System.Security.SecurityException: Customized functionality in this application will not work because the certificate used to sign the deployment manifest for SignatureManager or its location is not trusted. Contact your administrator for further assistance.
   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustPromptKeyInternal(ClickOnceTrustPromptKeyValue promptKeyValue, DeploymentSignatureInformation signatureInformation, String productName, TrustStatus status)
   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustUsingPromptKey(Uri manifest, DeploymentSignatureInformation signatureInformation, String productName, TrustStatus status)
   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.ProcessSHA2Manifest(ActivationContext context, DeploymentSignatureInformation signatureInformation, PermissionSet permissionsRequested, Uri manifest, ManifestSignatureInformationCollection signatures, AddInInstallationStatus installState, TrustStatus sha256TrustStatus, X509Certificate2 sha256PublisherCert)
   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity(ActivationContext context, Uri manifest, AddInInstallationStatus installState)
   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
The Zone of the assembly that failed was: MyComputer
```

What should I do?

colosso commented 7 years ago

Did you try to release or debug it on your PC?

smonca commented 7 years ago

No, I just ran the setup from folder /bin/debug/app.publish as this is the only setup in the package.

I also do not have MS Visual Studio.

colosso commented 7 years ago

Try installing it from your local drive, not from a network drive. If this doesn't work, you can try to change the trust prompt settings.

smonca commented 7 years ago

I did the installation from a local folder (I downloaded and unzipped the program), but the error still occurs.

smonca commented 7 years ago

Hello, can you please advise what to do for a successful installation?

colosso commented 7 years ago

What Outlook version are you using?

smonca commented 7 years ago

Hello, can you please advise what to do for a successful installation?

smonca commented 7 years ago

Microsoft Office Home and Business 2016 ver 1611 built 7571.2109

colosso commented 7 years ago

I can unfortunately not give you an exact solution to solve this. This is most likely a permission issue of your PC... check the permissions of your user in AD and/or locally. Check for other programs that could interfere, like antiviruses and so on. If nothing helps, download VS and release it on your PC.

mpgioia commented 6 years ago

Same issue here.. identical.. I'm undeniably local admin on my own PC. No AD backhaul.. not corporate/enterprise machine. This is a PKI issue.. What did you sign it with @colosso ? The trusted root CA cert in the chain at the top is not a public trusted root CA cert..

adamekp commented 6 years ago

@colosso @smonca @mpgioia Fix/workaround: The setup.exe is digitally signed, and you can extract the signature from it:

  1. Right click setup.exe and select Properties.
  2. Go to the Digital Signatures tab and select the only entry in the signature list, then click on Details.
  3. In the newly opened window, which shows DESKTOP-TBEP5HR\PC, click Show Certificate.
  4. The signature itself shows that it is a self-signed one (see certificate path), and it will expire in exactly one week (2017-10-19). However, click on Install Certificate.
  5. In the certificate import wizard, select Current User, click on Next, and select the specified certificate store, which should be the Trusted Root Certification Authorities store. Do not let the wizard select the store automatically for you, as it would save in the Intermediate Certificate Authority, which is insufficient for our case. Click on Next, then finish the wizard.
  6. A security warning will appear that the origin cannot be validated, click on Yes at the question whether to install the certificate anyway.
  7. Close the certificate, digital signature and properties windows by clicking OK.
  8. Run setup.exe.

@colosso As mentioned above, your self-signed certificate will expire in a week, so even with the workaround I described, new installations of your tool won't be possible after that. I'd suggest signing the binaries with a certificate from a trusted CA, or at least including the self-signed one on its own to let the user double-click to import it. I guess the SignatureManager_TemporaryKex.pfx is a different one, but I'm not able to confirm it, as it would require a password to let me import it.
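
The workaround in the comment above, expressed in PowerShell as an added example; it is not part of adamekp's comment or of the project. The `setup.exe` path and the expected-thumbprint placeholder are assumptions: the page publishes no thumbprint, so the value to compare against has to come from the author out of band.

```powershell
# Added example: review the signer of setup.exe, then trust it for the current user only.
$SetupPath          = '.\setup.exe'                  # assumption: run from the unzipped app.publish folder
$ExpectedThumbprint = '<THUMBPRINT-FROM-THE-AUTHOR>' # placeholder: the page publishes none

$sig  = Get-AuthenticodeSignature -FilePath $SetupPath
$cert = $sig.SignerCertificate
if (-not $cert) { throw "No Authenticode signature on $SetupPath" }

# Steps 1-4: the same details the Digital Signatures tab shows.
[pscustomobject]@{
    Status     = $sig.Status
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    SelfSigned = ($cert.Subject -eq $cert.Issuer)   # heuristic: subject equals issuer
    NotAfter   = $cert.NotAfter
    Thumbprint = $cert.Thumbprint
} | Format-List

# Trusting a root means trusting everything signed with its key, so pin the
# exact certificate instead of accepting whatever the file happens to carry.
if ($cert.Thumbprint -ne $ExpectedThumbprint) {
    throw "Signer thumbprint $($cert.Thumbprint) does not match the expected value"
}
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Signer certificate expired on $($cert.NotAfter)"
}

# Steps 5-6: add to Current User > Trusted Root Certification Authorities.
# Windows still shows its confirmation prompt for this store.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'CurrentUser')
$store.Open('ReadWrite')
try     { $store.Add($cert) }
finally { $store.Close() }

# Re-read the signature to see how Windows now evaluates the chain.
(Get-AuthenticodeSignature -FilePath $SetupPath).Status

# To withdraw the trust later:
# Remove-Item "Cert:\CurrentUser\Root\$($cert.Thumbprint)"
```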

mpgioia commented 6 years ago

@adamekp .. Thought so.. thanks for that breakdown and workaround. Over to you @colosso .. most importantly .. thanks for the dev effort.. but can you get the binaries signed by a public trusted root CA ..

Spork-Schivago commented 6 years ago

Seeing how the plugin is free and signed certs from a public trusted root CA generally cost money, perhaps the better solution would be signing it with a very long expiration date or possibly looking into something like Let's Encrypt and see if they support signing binaries, which I don't think they do. I think the only viable option would be to create a self-signed cert that doesn't expire until 2048 or something....just my two cents.

paulstuartgibbons commented 5 years ago

Has there been any update to this? I really want to use this app as I have the same problem on my PC and it bugs me every day. When I found this post I was excited to see that you had posted a solution, but I am having the same security issue as described. Let me know as this would be amazing!