Unknown Publisher still appears on correctly code-signed VSTO addin built with VS2010

Question

I have a OneClick Deployed VSTO Addin that I have signed with a up-to-date Verisign code-signing certificate (PFX). I have verified that I am signing correctly with Verisig

Answer 1

Follow these steps:

1. Install the certificate on your local machine. In Windows Explorer right-click the certificate file, select Install PFX, and follow the instructions.

2. Ensure the VSTO project manifest and assembly are signed. In the VSTO project's properties on the Signing tab, "Sign the ClickOnce manifests" should be checked (if not, select your PFX file). "Sign the assembly" should also be checked and using the same PFX file.

3. After publishing the VSTO, you'll need to sign the manifest and the published .vsto files from the command line. You will also need to copy the .dll's from the bin to your published folder before you run mage.exe (to avoid "File Not Found" errors). I highly recommend signing both .vsto's for safety's sake. Here is the command line code to perform these steps:

-

set AppPublishPath=bin\Release\app.publish
set AppPublishVersionPath=bin\Release\app.publish\Application Files\MyProjectName_1_0_0_0

set CertificatePath=C:\SignedCertificate.pfx
set CertificatePassword=password

copy bin\*.dll "%AppPublishVersionPath%"

mage -update "%AppPublishVersionPath%\MyProjectName.dll.manifest"  -certfile "%CertificatePath%"  -Password %CertificatePassword%
mage -update "%AppPublishVersionPath%\MyProjectName.vsto"  -appmanifest "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%"  -Password %CertificatePassword%
mage -update "%AppPublishPath%\MyProjectName.vsto"  -appmanifest "%AppPublishVersionPath%\MyProjectName.dll.manifest"  -certfile "%CertificatePath%"  -Password %CertificatePassword%

See Nathan's comment below about a possible additional step.