bjones8888 asked:

Digital Signature / Certificate Deployment

I have Outlook Add-Ins (DLLs) that I need to deploy to client networks. I have them digitally signed (Verisign certificate). Our deployment method is that a user launches our program, which checks a server for updates and copies them to the desktop if necessary. The problem is that they get a warning message from Outlook saying that another program is trying to access e-mail (or contacts) and prompts them to allow or not. If they manually install our certificate from the DLL, the message is circumvented. But having thousands of users do that is not preferable.

How can I instruct the network administrators to deploy my certificate so that this message doesn't come up?  (Some are using Active Directory, and some not.)

I've read something about certutil, but don't know enough to say whether the following statement is the preferred deployment method:

certutil -addstore root mycert.der

Is there a better way, or is this the best way?  (I also could use Advanced Installer, if that helps.)

Paranormastic

For GPO:
Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities

For non-GPO - are these all Windows or some Linux, etc.? If Linux, I would look into OpenSSL for your scripting method. OpenSSL has versions that run using the same context for pretty much every OS.

Note that workstation OSes do not have certutil installed - you would need to deploy the 2003 or 2008 adminpak. Pretty much any automated method will require that you deploy additional software, though.

For scripts, this is pretty slick - look for the cert.pl utility on the page:
http://unattended.sourceforge.net/apps.php
bjones8888

ASKER

If certutil is used as part of a login script, for example (Windows OS), couldn't that be run from somewhere other than the local machine, but act on the local machine, without having to distribute certutil?  For example:

\\Server\Util\certutil -addstore root mycert.der
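
A pinned import for the scripted deployment discussed in this thread, as an added example that is not from either poster: it checks the certificate file fetched from the share against a known SHA-256 fingerprint before adding it to the machine store, and skips the add if the certificate is already there. The share path follows the thread's \\Server\Util pattern, the fingerprint is a placeholder, and the script assumes it runs with administrative rights (for example as a computer startup script).

```powershell
# Added example: verify a certificate file against a pinned fingerprint, then
# add it to a machine store. Path and fingerprint are placeholders (assumptions).
param(
    [string]$CertPath       = '\\Server\Util\mycert.der',   # share pattern from the thread
    [string]$ExpectedSha256 = '<SHA256-OF-MYCERT-DER-PLACEHOLDER>',
    [string]$StoreName      = 'Root'                        # store named in the thread
)

$ErrorActionPreference = 'Stop'

# Load the DER file; this throws if the file is not a parseable certificate.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

# Hash the encoded certificate and compare it with the pinned value
# (PowerShell string comparison is case-insensitive).
$sha    = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
if ($actual -ne $ExpectedSha256) {
    throw "Fingerprint mismatch for $CertPath (got $actual); not importing."
}

# Refuse a certificate that is outside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Subject) is not currently valid."
}

# Open the machine store read/write and add the certificate only if absent.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, 'LocalMachine'
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $present = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if ($present) {
        Write-Output "Already present in LocalMachine\${StoreName}: $($cert.Thumbprint)"
    } else {
        $store.Add($cert)
        Write-Output "Added $($cert.Subject) to LocalMachine\${StoreName}"
    }
} finally {
    $store.Close()
}
```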
ASKER CERTIFIED SOLUTION
Paranormastic