Click twice upgrade Certificate chain error message

Add-in Express™ Support Service
That's what is more important than anything else

Click twice upgrade Certificate chain error message
 
TheBear




Posts: 9
Joined: 2015-10-20
Hey guys,

After upgrading to the latest version of add in express, my publish/upgrade functionality stopped working.

After I publish a new version, and the user clicks on the "Check For Update" button on the excel ribbon, it does correctly detect that there is a new version to install.

However, after the user clicks on OK to upgrade, I get the following exception fired:

Exception Source:
Exception Type: System.Security.Cryptography.CryptographicException
Exception Message: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

What settings do I need to change, or what do I need to do to get this working again?

I am using the default settings for everything in the add in express publish (MSI network deployed).

I even created a new certificate, and it gives me the same error. I am using SHA-256.
Posted 03 Jun, 2016 06:18:03 Top
Andrei Smolin


Add-in Express team


Posts: 18857
Joined: 2006-05-11
Hello,

I don't think this problem relates to Add-in Express. I've "fed" the exception message to Google and got pages that describe different reasons and resolutions. I don't know whether any of them is applicable to your case.

- https://support.symantec.com/en_US/article.TECH182437.html
- https://social.technet.microsoft.com/Forums/lync/en-US/63e08219-e7db-49a6-9f75-bca90ea9fd43/error-a-certificate-chain-processed-but-terminated-in-a-root-certificate-which-is-not-trusted-by?forum=ocscertificates
- https://support.microsoft.com/en-us/kb/2980667
- http://stackoverflow.com/questions/11230091/whys-my-root-certificate-not-trusted


Andrei Smolin
Add-in Express Team Leader
Posted 03 Jun, 2016 07:11:52 Top
TheBear




Posts: 9
Joined: 2015-10-20
I have figured out why.

Just in case anyone else gets this error message, more than just upgrading I actually made one more change to launch the update. Here are the 2 variants:

1. Process.Start(updateUrl);
2. this.LaunchMSIUpdates(updateUrl);

I changed it from the first one, to using the second one. The second method fires off the exception, whilst the first one shows you a "We can't verify who created this file" warning, but still allows you to install if you click continue.

A solution to this is in this web post:
http://www.technipages.com/fix-we-cant-verify-who-created-this-file-error

Now both methods work for me flawlessly.

Is there a reason to be using LaunchMSIUpdates over Process.Start? Does it do more? I personally prefer the Process.Start since it gives you an understandable warning message, and still lets you to proceed versus the other method that "crashes".
Posted 03 Jun, 2016 07:48:27 Top
Sergey Grischenko


Add-in Express team


Posts: 7233
Joined: 2004-07-05
Hello,

Did you use a test certificate to sign the add-in binaries and ClickTwice installation?
Posted 05 Jun, 2016 16:28:39 Top