Third-party VSTO 2005 SE plug-in for Outlook 2007: what should I signwith a publisher certificate?

[Ojas]

First, I am not using any ClickOnce technology that I am aware of

For a third-party VSTO 2005 SE plug-in for Outlook, what should I sign
with a publisher's certificate versus an internally generated test
certificate? Which of the following do I sign with the publisher
certificate?

1) the plugin application manifest generated by VS 2008
2) the plug-in's installer .msi file that I've created with an
InstallShield like product
3) the plug-in's installer setup.exe file that I've created with an
InstallShield like product
4) plug-in's main assembly .dll file
5) anything else?

 

[Ken Slovak - [MVP - Outlook]]

1: No, manifest files can't be signed.
2, 3, 4: Yes.
5: any dependent assemblies or libraries you've created that will be loaded
by your main assembly.

 

[Ojas]

1: No, manifest files can't be signed.

For a VSTO 2005 SE plug-in for Outlook 2007, is there anyway to set
the "Publisher:" value when from Outlook 2007 the user does

Tools => Trust Center => Add-Ins

and then clicks on my add-in name?

Right now that field is still <None> even though my add-in is signed.

 

[Ken Slovak - [MVP - Outlook]]

Is the addin signed with a real code signing certificate that traces back to
a certificate authority that's recognized on that computer, or is it
self-generated certificate?

The certificate may need to be installed in the certificates cache, or be
added as a trusted publisher.

1: No, manifest files can't be signed.

For a VSTO 2005 SE plug-in for Outlook 2007, is there anyway to set
the "Publisher:" value when from Outlook 2007 the user does

Tools => Trust Center => Add-Ins

and then clicks on my add-in name?

Right now that field is still <None> even though my add-in is signed.