Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Word add-in tutorial. Security certificate error. #1275

Closed
JohnLukeBentley opened this issue Sep 1, 2019 · 12 comments
Closed

Word add-in tutorial. Security certificate error. #1275

JohnLukeBentley opened this issue Sep 1, 2019 · 12 comments
Assignees
@Rick-Kirkham
Labels
Area: Word Feedback on Word content Status: fixed Fix is complete and will be available to customers as soon as doc updates are published Type: doc bug Problem with the documentation (e.g., doc is out of date, unclear, confusing, or broken)

Comments

@JohnLukeBentley
Copy link

Article URL

"Tutorial: Create a Word task pane add-in" ... "Test the add-in"

Issue

In short: In Word for Desktop I get a security certificate error when trying to the follow the tut.

In detail:

I've successfully completed the Build your first Word task pane add-in, using:

  • "Yeoman generator for Office Add-ins";
  • Sideloading on Windows (for used in Word on Windows Desktop); and
  • With the project in Visual Studio Code.

However, I get an error when attempting "Tutorial: Create a Word task pane add-in". (This tutorial avoids the "Yeoman generator for Office Add-ins", if I'm understanding matters correctly) . Specifically when attempting to sideload on Windows I get the following error in my Taskpane:

ADD-IN ERROR
The content is blocked because it isn't signed by a valid security certificate.
[Restart]

In following "Tutorial: Create a Word task pane add-in" I've Installed Word-Add-in-Tutorial\Start\certs\ca.crt by, as directed, following Installing the self-signed certificate, using "Method #2: manually install the certificate" for Windows. In short, by double clicking ca.crt and installing it into the "Trusted Root Certification Authorities" store.

That is, it seems I've successfully trusted the Certificate Authority. However I haven't signed the project as such (and am unclear if that is required and how one would do that if it is). In \certs\ I see the: ca.crt; server.crt; and server.key.

Is there a missing step in the documentation that requires one to sign the project (quite apart from installing the ca.crt for Certificate Authority trust)?
@ghost ghost added the Needs: triage 🔍 New issue, needs PM on rotation to triage ASAP label Sep 1, 2019
@kbrandl kbrandl added Area: Word Feedback on Word content Needs: attention 👋 Waiting on Microsoft to provide feedback Type: doc bug Problem with the documentation (e.g., doc is out of date, unclear, confusing, or broken) and removed Needs: triage 🔍 New issue, needs PM on rotation to triage ASAP labels Sep 2, 2019
@kbrandl
Copy link
Contributor

kbrandl commented Sep 2, 2019

@JohnLukeBentley sorry to hear that you've run into this problem. @Rick-Kirkham is this something that you can investigate? Thanks!

@JohnLukeBentley
Copy link
Author

Thanks @kbrandl !

@Rick-Kirkham
Copy link
Contributor

I can reproduce this. I'm investigating.

@kbrandl
Copy link
Contributor

kbrandl commented Sep 5, 2019

This cause of this issue may be that there are extraneous/old/untrusted certificates for localhost in the certificate store on your machine -- as described in my last comment on this issue: OfficeDev/generator-office#486. I was able to resolve the issue described there by manually removing the extraneous localhost certs -- perhaps give that a try?

@Rick-Kirkham
Copy link
Contributor

I've tried that. But it found the old cert anyway. Still working on it.

@Rick-Kirkham
Copy link
Contributor

I can reproduce this on one of my computers, but everything works fine on another. We expect to be making a change to the tutorial in the next few days that will change the cert handling significantly anyway. I think we're not likely to get a shorter term fix.

@JohnLukeBentley
Copy link
Author

JohnLukeBentley commented Sep 6, 2019
edited
Loading

@kbrandl. Thanks for that suggestion. I tried a few variations on that suggestion with no luck. Anyway ....

@Rick-Kirkham. Thanks. I'll wait for the cert handling overhaul.

@Rick-Kirkham
Copy link
Contributor

@JohnLukeBentley This fixed it on my machine. Could you see if it fixes it for you?

  1. Close all browsers and all Office apps.
  2. If the server is running, shut it down by entering Ctrl-C twice. Then close the command prompt window.
  3. Open the bconfig.json file in the root of the project.
  4. Replace the line "https": true, with the following:
"https": {
        "key": "./certs/server.key",
        "cert": "./certs/server.crt"
    },
  1. Repeat the "Test the add-in" section of the tutorial.

@Rick-Kirkham Rick-Kirkham added Needs: author feedback Waiting for author (creator) of Issue to provide more info and removed Needs: attention 👋 Waiting on Microsoft to provide feedback labels Sep 6, 2019
@JohnLukeBentley
Copy link
Author

That fixed it! @Rick-Kirkham, you are a champion!

In addition to acting in conformance with your steps above, I (re)Installed Start\certs\ca.crt by, as directed in the Tut linked Installing the self-signed certificate, by double clicking it and installing it to the certificate store in "Trusted Root Certification Authorities". This displays as "Issued To: localhost-ca".

I did this given my fiddling with my certs after @kbrandl's helpful suggestion.

Does your fix count as the "significant" change to cert handling, or is there some other pending overhaul to be done?

@ghost ghost added Needs: attention 👋 Waiting on Microsoft to provide feedback and removed Needs: author feedback Waiting for author (creator) of Issue to provide more info labels Sep 6, 2019
@Rick-Kirkham
Copy link
Contributor

@kbrandl is working on a more drastic improvement. The tutorial won't be based on cloning a repo. Instead, you'll use our Yo Office tool to create a project. There's a point in that process, where the tool will just trust a cert automatically.

@Rick-Kirkham Rick-Kirkham added Status: in PR An open PR addresses this issue Status: fixed Fix is complete and will be available to customers as soon as doc updates are published and removed Needs: attention 👋 Waiting on Microsoft to provide feedback Status: in PR An open PR addresses this issue labels Sep 6, 2019
@Rick-Kirkham
Copy link
Contributor

Closing this as fixed because the fix goes to the repo used by the tutorial, not this repo for our docs.

@JohnLukeBentley
Copy link
Author

Yeah, using the Yeoman tool would make the tut consistent with the immediately prior "Build your first Word task pane add-in". So that overhaul of the tut sounds like the right thing to do.

Your fix allows me to keep progressing through the tut in its current state. So I'm grateful for that.

By the way, since last posting I reset my local changes, fetched from the updated repo, and restarted the tut. And it all works fine so far: I can work passed the "Test the add-in" in virtue of the incorporated cert references in bsconfig.json.

In short, yes I think it right for you to close this as fixed.

Thanks for your help!

@adehad adehad mentioned this issue Nov 24, 2022
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Rick-Kirkham Rick-Kirkham

Labels
Area: Word Feedback on Word content Status: fixed Fix is complete and will be available to customers as soon as doc updates are published Type: doc bug Problem with the documentation (e.g., doc is out of date, unclear, confusing, or broken)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kbrandl @Rick-Kirkham @JohnLukeBentley