RE: Self-Signed Test Certificates and signing SHIMS for Add-Ins

Hi jojobar,

Thanks for your feedback.

Certificate is just a file which can pass the valid public key to the user.
The key point is that how can we be sure that the public key in the
certificate is the one from the correct owner. This is done by encrypting
the public and other information in the certificate with *issuer*'s private
key.(we can ensure this by using *issuer*'s public key to decrypt the
certificate, which should be OK). Then the problem lies in how can we trust
the *issuer*, so we will get a chain of certificate on our machine. In the
top, we will get a root certificate, which is signed(issued) by well-known
certificate issuer(certificate authority), such as VeriSign or Thawte. If
not, we can not be sure that this certificate chain can be trusted, and we
can not trust the public key in this certificate.(It may come from some
other bad person...)

Ok, enough background information. Let's back to your problem. There is no
definite definition for "test certificate", but we can get some information
from the tools generating "test certificate":
The MakeCert tool creates an X.509 certificate, signed by the test root key
or other specified key, that binds your name to the public part of the key

So we can see that for test certificate, it does not care about the
certificate chain, it uses some "test root key" to sign the public key in
the certificate. So it is not signed by a valid CA, and can not be trusted
by any client machine.(How can a client machine trusts a certificate signed
by a random key... :-) )

If you use makecert.exe to generate a *.cer file, you can double-click it,
then in the popup dialog, you will see the certificate path, and other

For Word add-in side issue, I think this is because you uses a non-trusted
certificate(sure, because it is a test certificate). I suggest you go and
obtain a trusted certificate then do some test with it. For more
information regarding obtaining a valid certificate, you can get some
information in "Obtaining Certificates" section in the article below:
"Secure Sockets Layer: Protect Your E-Commerce Web Site with SSL and
Digital Certificates"

Hope this helps

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! -
This posting is provided "as is" with no warranties and confers no rights.