Add code signing certificate as a Trusted publisher in user machine without the .cer file

[apsSanj]

We are using a GlobalSign EV code signing certificate to code sign our installer and the VBA macro enabled template (.dotm). Even we have code signed the .dotm file, user will see 'macro disabled' warning at Microsoft Word document open, user will have to manually trust the certificate and add it to the trust center. To prevent this manual process we have to add the certificate to the trust center during installation.

I saw this documentation : viewtopic.php?t=33862
Before this GlobalSign EV certificate, we used some other certificate. And that time, we were using this same approach to add the certificate to trust center.

We are now using Azure KeyVault, so we are unable to extract a .cer file.
Is there any way to add the certificate to the Trust center during installation, without using a .cer file (as we don't have it now) ?

Thanks in advance.

[Catalin]

Hello,

As far as I'm aware, you can Export certificates from Azure Key Vault.

Similarly, from another article:

Quickstart: Set and retrieve a certificate from Azure Key Vault using the Azure portal

I can see that there is an option to "Download in CER format":

Screenshot_185.png (80.69 KiB) Viewed 7192 times

After doing so, we can use our "Install Certificate" custom action to add the certificate to the Trusted Root.

Hope this helps!

Best regards,
Catalin

[apsSanj]

Yes, due to some miscommunication issue, I thought the .cer file is not exportable. Actually the not exportable one is the private key. We were able to download the .cer file and install it during installation from the custom action. Now the issue is fixed.

Thank you for your reply.

[Catalin]

You are always welcome!

Best regards,
Catalin