4,384 questions
EV code signing with VSTO add-in
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 88%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPL%3C/text%3E%3C/svg%3E)
Pete Luetchford
21
Reputation points
We are a small software company producing VSTO add-ins for PowerPoint, Excel and Word. Recently, more of our clients have been seeing the SmartScreen warning popping up when installing. We would like to avoid this as it tends to lead to a lot of support calls and damages our reputation. We currently sign application manifests and setup.exe files with a GoDaddy code signing certificate. I understand that signing with an EV certificate would probably eliminate the SmartScreen issue. Because EV certificates require hardware key storage and because we build from different locations (DevOps pipelines running on various Azure VMs plus various other machines), the solutions available to allow EV signing seem to be very complex and expensive. I was wondering if we could sign the application manifests with a standard certificate on every build, then when creating new setup.exe files, which we don't do very often, sign the setup.exe with an EV certificate in one location. Is it possible to sign manifests and setup.exe with a different type of certificate? Would that get around the SmartScreen or would the application manifests also need to be signed with an EV certificate?
Microsoft 365 and Office | Development | Other
Sign in to answer