How to add a digital certificate to my packed XLL


Dimitrios T

Jan 22, 2016, 10:14:31 AM
to Excel-DNA
Hello to everyone,

I am in desperate need of a solution with deployment. I decided to simply copy the packed XLL file to the target machine and launch it from the Start menu with a simple shortcut. That whole process works really well; however, whenever the add-in starts I get a "Warning: There is no digital signature available". So my understanding is that I need somehow to provide that in my VS project.

My question is how exactly do I do that? I want initially to test the add-in without buying a certificate, so I followed the steps of using sn and idasm to sign my assembly. This didn't seem to work, so I tried to sign the assembly that contains the add-in from the Code Signing tab, but unfortunately I am using Excel.DNA.Integration, which is not signed, so my project does not compile.

Any ideas how I get this warning message to disappear?



Thanks
Dimitris

Govert van Drimmelen

Jan 22, 2016, 1:51:37 PM
to exce...@googlegroups.com
Hi Dimitris,

There are different meanings of signing and signatures that might be confused here.

The first is the .NET Framework mechanisms of strong naming and signing of managed assemblies. That is not relevant to the Excel-DNA add-ins at all, since the native add-in mechanism bypasses .NET security completely.

The second meaning is the digital signing of binaries on Windows - in this case the signing of the .xll add-in. This is the signature that Excel is looking for under your security settings.

To implement this for your add-in, you first make the packed .xll file for your add-in.
Then you use the SignTool.exe utility https://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.110).aspx to sign your .xll binary.

-Govert




Gareth Hayter

Jan 22, 2016, 10:18:31 PM
to Excel-DNA
Keep in mind that SHA1 signatures are being deprecated this month. You'll need to sign with SHA2... actually, you'll need to sign twice, once with SHA2 and then with SHA1. See here for a nice summary:

Kind regards,
Gareth.

Dimitrios T

Jan 24, 2016, 5:49:30 PM
to Excel-DNA
Thanks for your reply Govert. I must admit, I didn't look into SignTool at all. So do I definitely have to purchase a digital certificate and use SignTool to sign the XLL? Or can I use something else temporarily to do my testing?

Regards
Dimitris


Govert van Drimmelen

Jan 24, 2016, 5:57:32 PM
to exce...@googlegroups.com
I think you can do it with a self-signed certificate.

See the instructions here as a start:
or

You might just have to add it to the Office Trust Center for it to be accepted.

-Govert
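
The test-signing route suggested in this thread (self-signed certificate, SignTool, then trusting the publisher), as an added example that is not part of any post. It assumes Windows 10 or later for `New-SelfSignedCertificate -Type`, SignTool on the PATH, and hypothetical paths and subject name; only the public `.cer` is placed on the test machine, never the private key.

```powershell
# Added example, test signing only. Names and paths are assumptions, not from the thread.
$xll     = 'C:\build\MyAddIn-packed.xll'   # hypothetical packed add-in
$cerPath = 'C:\build\MyAddIn-test.cer'     # hypothetical output: public certificate only

# 1. Self-signed code-signing certificate. The private key stays in the
#    build user's personal store and is never copied to target machines.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=MyAddIn Test Publisher' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddMonths(6)

# 2. Sign the packed .xll with SignTool (assumed to be on PATH from the Windows SDK).
#    /sha1 selects the certificate by thumbprint; /fd sets the file digest algorithm.
& signtool.exe sign /fd SHA256 /sha1 $cert.Thumbprint $xll
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# 3. Export the public certificate (no private key) for the test machine.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# 4. On the test machine (here the same machine, in an elevated session):
#    a self-signed certificate must be a trusted root for the chain to validate,
#    and a trusted publisher for the signer to be accepted.
foreach ($store in 'Root', 'TrustedPublisher') {
    Import-Certificate -FilePath $cerPath -CertStoreLocation "Cert:\LocalMachine\$store" | Out-Null
}

# 5. Confirm Windows now considers the signature valid.
$sig = Get-AuthenticodeSignature -FilePath $xll
if ($sig.Status -ne 'Valid') { throw "Signature status is $($sig.Status): $($sig.StatusMessage)" }
"{0} signed by {1}" -f $xll, $sig.SignerCertificate.Subject
```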



Dimitrios T

Jan 25, 2016, 9:12:14 AM
to Excel-DNA
Hi Govert,

Your help is much appreciated so far. I created my own certificate and then, using pvk2pfx, I created a (Personal Information Exchange) pfx file. I then used a tool called SignGUI to essentially sign my XLL file. Once I did that, I installed the add-in and manually had to trust myself (the publisher) and add the certificate in the local store. That seemed to work and make the warning disappear.

What I want to do, however, is to have this entire process of trusting the certificates automated in my WIX installer. There seems to be a problem, which is the reason I am sending another post on it.

I have the following in my WIX script:

    <Directory Id="TARGETDIR" Name="SourceDir">
      <Directory Id="ProgramFilesFolder">
        <Directory Id="Company" Name="$(var.ManufacturerName)">
          <Directory Id="INSTALLDIR" Name="$(var.ProductName)">
            <Component Id="CertificateComponent" Guid="1f59dccf-7176-4e97-afb0-e1daf013d1df">
              <CreateFolder/>
              <iis:Certificate Id="My.Certificate" StoreName="root" Overwrite="yes" Name="MY_CA"
                               Request="no" CertificatePath="Resources\myapp.pfx" StoreLocation="localMachine" />
            </Component>
          </Directory>
        </Directory>
      </Directory>
    </Directory>

That should work; however, it seems that my WIX installer fails and can never install the certificate and the add-in. Any ideas would be much appreciated. I am trying desperately to get to the bottom of this and have a finished product that users can trust and use without messing around with their Certificate Store. I looked at examples of WIX installers on the web with the certificate installation built in, but nothing so far that works.

Thanks
Dimitris

Govert van Drimmelen

Jan 26, 2016, 4:34:04 PM
to exce...@googlegroups.com
Hi Dimitris,

Can you try installing into StoreName="trustedPublisher" rather than StoreName="root" ?

-Govert



Dimitrios T

Feb 7, 2016, 4:36:07 PM
to Excel-DNA
Hi Govert,

After a few days of battling with the certificates WIX code I managed to make this work. Basically the problem was that I had some other certificate within the store registered and when I was trying to install my add-in I couldn't. So I removed that certificate, I recreated everything, ran the installer and it finally worked.

Thanks for all your help. It seems that certificates are particularly tricky to work with and it doesn't help that Microsoft has a lot of the tools required completely hidden.

D
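
A diagnostic for the kind of store problem reported in the last post, as an added example that is not from the thread: it reports the signature status of an add-in file and lists certificates in the trust stores that share the signer's subject, so a leftover certificate or an installed private key is visible. The function name is hypothetical, and matching leftovers by subject is an assumption.

```powershell
# Added example: report how Windows sees the signer of an add-in file.
# Get-XllSignerTrust is a hypothetical name; matching by Subject is an assumption.
function Get-XllSignerTrust {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        # Unsigned file: nothing to look up in the stores.
        return [pscustomobject]@{ File = $Path; Status = $sig.Status; Signer = $null; Stores = @() }
    }
    $signer = $sig.SignerCertificate

    # Walk the stores that decide trust, for both the user and the machine.
    $stores = foreach ($location in 'CurrentUser', 'LocalMachine') {
        foreach ($name in 'Root', 'TrustedPublisher', 'Disallowed') {
            Get-ChildItem "Cert:\$location\$name" |
                Where-Object { $_.Subject -eq $signer.Subject } |
                ForEach-Object {
                    [pscustomobject]@{
                        Store         = "$location\$name"
                        Thumbprint    = $_.Thumbprint
                        # False means same subject but a different (possibly stale) certificate.
                        MatchesSigner = ($_.Thumbprint -eq $signer.Thumbprint)
                        # True on a user machine means the signing key was deployed with the cert.
                        HasPrivateKey = $_.HasPrivateKey
                        NotAfter      = $_.NotAfter
                    }
                }
        }
    }

    [pscustomobject]@{ File = $Path; Status = $sig.Status; Signer = $signer.Subject; Stores = @($stores) }
}

# Usage (hypothetical path):
#   (Get-XllSignerTrust 'C:\Program Files\MyCompany\MyAddIn\MyAddIn-packed.xll').Stores | Format-Table
```

A row with `HasPrivateKey = True` on an end-user machine indicates that a `.pfx` was installed rather than the public certificate.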

