VSTO ClickOnce Solution signed with certificates issued by an Intermediate Certificate Authority shows Unknown Publisher. Other ClickOnce deployed applications cannot display the certificate chaining hierarchy.

Article translations Article translations
Close Close
Article ID: 970682 - View products that this article applies to.
Expand all | Collapse all
Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

Symptom



When you try to deploy a Visual Studio Tools for Office system (VSTO) Version 3.0 solution with a certificate issued by an Intermediate Certificate Authority, end users will see an Trust Prompt with "Unknown Publisher" even though the component is duly signed with a Certificate that chains up to a Root Certificate Authority.

The same certificate can be used to sign an executable application like  Winforms or WPF application deployed through ClickOnce and the Trust Prompt for these applications will be able to verify the publisher identity successfully. However, if you try to view the certificate details for these applications types, the certificate chain hierarchy will not be visible and the Certificate Status in the details window will display "The issuer of this Certificate could not be found."

Cause



The VSTO v3.0 Runtime (including 3.0 SP1) cannot verify a publisher’s identify for certificates that chain to a Trusted Certificate Authority via an Intermediate Certificate Authority. This is a limitation in the underlying API used by the VSTO v3.0 Runtime and does not affect the ClickOnce deployment of other types of applications.

While the Trust Prompt for an executable application like Winforms or WPF application  can successfully display the Publisher Name, the details dialog associated with these application types has a similar limitation dealing with certificates issued by Intermediate Certificate Authorities and cannot completely construct the certificate chain hierarchy back to the Root Certificate Authority.

 

Resolution



The workaround to this issue is to include the Intermediate Certificate Authorities’ certificate on all end user machines where the application will be installed. As of now the issue is reported only with the handling of Thawte certificate and would require that Thawte intermediate certificate be installed on the end users machine.

More Information

DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.

Properties

Article ID: 970682 - Last Review: April 27, 2009 - Revision: 1.0
APPLIES TO
  • Microsoft Visual Studio 2005 tools for the 2007 Microsoft Office System
  • 2007 Microsoft Office system Runtime Components Service Pack 1
  • Microsoft .NET Compact Framework 2.0
Keywords: 
kbrapidpub kbnomt KB970682

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com