Code signing so your extension will load in IE10

Add-in Express™ Support Service
That's what is more important than anything else

Code signing so your extension will load in IE10
 
mitchel c




Posts: 20
Joined: 2006-05-07
Hello, I had trouble loading my extension into IE10 so I could use it and test it.. I wanted to share this page that helped me:

http://stackoverflow.com/questions/84847/how-do-i-create-a-self-signed-certificate-for-code-signing-on-windows

(Maybe it's good to add this to the documentation since my extension would not load without these steps!)


I'm in the process now to get an official code-signing certificate but in the meantime the test cert is helping me.

I was wondering also for an opinion.. Or at least a thought for others out there that don't want to/can't get an official code signing certificate.. Couldn't they run the commands on that stack overflow list on the customer's computer via the installer? Then they would bypass the code-signing requirement.. That almost sounds like a flaw in the design.. Though I won't go as far as to say it's a security flaw since you have to be an Administrator to do it.. :D
Posted 23 Apr, 2013 00:55:05 Top
Andrei Smolin


Add-in Express team


Posts: 14137
Joined: 2006-05-11
Hello Mitchel,

We'll consider adding this info to the manual. Thank you for the suggestion.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 23 Apr, 2013 01:07:08 Top
mitchel c




Posts: 20
Joined: 2006-05-07
I forgot to mention that I had to use the process on the "adxloader.dll" and "adxloader64.dll" files. Not on my assemblies.
Posted 23 Apr, 2013 05:14:58 Top
Andrei Smolin


Add-in Express team


Posts: 14137
Joined: 2006-05-11
A good note! Thank you, Mitchel!

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 23 Apr, 2013 06:04:14 Top
mitchel c




Posts: 20
Joined: 2006-05-07
Andrei, I'm just thinking as I work on this process to get my code-signing certificate and to sign the adxloader dlls if there isn't a security issue here in your design.

For example, if I sign adxloader.dll and register my IE module then my code will load. If I then copy the same adxloader.dll to another visual studio project without any further work then it will also register and load the DLL compiled by that project.

So the problem here is that anyone can copy my signed adxloader.dll file and use it to load their IE module.

In this case:

1. You guys could just sign it to begin with.

or 2. Adxloader should check that any submodules that it loads are also signed with same signature.
Posted 27 Apr, 2013 05:21:44 Top
Andrei Smolin


Add-in Express team


Posts: 14137
Joined: 2006-05-11
Hello Mitchel,

#1 is impossible as doing this prevents you from creating YOUR add-ins, all of them will belong to Add-in Express.

As to #2, thank you for the suggestion. We'll look into this. Thank you again.

Regards from Belarus (GMT+3),

Andrei Smolin
Add-in Express Team Leader
Posted 29 Apr, 2013 10:45:37 Top