Avatar of bjones8888
bjones8888Flag for United States of America

asked on 

Digital Signature / Certificate Deployment

I have Outlook Add-Ins (DLLs) that I need to deploy to client networks.  I have them digitally signed (Verisign certificate). Our deployment method is that a user launches our program, which checks a server for updates and copies them to the desktop if necessary. The problem is that they get a warning message from Outlook saying that another program is trying to access e-mail (or contacts) and prompts them to allow or not.  If they manually install our certificate from the dll, the message is circumvented.  But having thousands of users do that is not preferable.  

How can I instruct the network administrators to deploy my certificate so that this message doesn't come up?  (Some are using Active Directory, and some not.)

I've read something about certutil, but don't know enough to say whether the following statement is the preferred deployment method:

certutil -addstore root mycert.der

Is there a better way, or is this the best way?  (I also could use Advanced Installer, if that helps.)
SoftwareOutlookSystem Utilities

Avatar of undefined
Last Comment
Avatar of Paranormastic
Flag of United States of America image

For GPO:
Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities

For non-GPO - are these all windows or some linux, etc.?  If Linux, I would look into openssl for your scripting method.  Openssl has versions that run using the same context for pretty much every OS.

Note that workstation OS do not have certutil installed - you would need to deploy the 2003 or 2008 adminpak.  Pretty much any automated method will require that you deploy additional software, tho.

For scripts, this is pretty slick - look for the cert.pl utility on the page:
Avatar of bjones8888
Flag of United States of America image


If certutil is used as part of a login script, for example (Windows OS), couldn't that be run from somewhere other than the local machine, but act on the local machine, without having to distribute certutil?  For example:

\\Server\Util\certutil -addstore root mycert.der
Avatar of Paranormastic
Flag of United States of America image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial

Microsoft Outlook is a personal information manager from Microsoft, available as a part of the Microsoft Office suite. Although often used mainly as an email application, it also includes a calendar, task manager, contact manager, note-taker, journal, and web browser.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo