Daily Archives: April 16th, 2007

Background

I had a need to add a trusted publisher to a client machine via code. The scenario was that I was going to have AD push an installer (msi) to the clients' desktops and then run the installer. In the code to the installer, I needed it to add a trusted publisher certificate to the local machine store. That way, when I used ClickOnce, the machine would not alert the end user that there were any trust issues. Actually, with the trusted publisher in place, ClickOnce applications signed with the certificate would install with no user interaction needed.

Procedure

Here is all it takes in .NET (.net 2005) to add the certificate. This code would run inside an installer class (called from an installer project).

C#

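using System;
using System.Security.Cryptography.X509Certificates;

X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
try
{
   // Load the publisher certificate from the system folder
   X509Certificate2 cert = new X509Certificate2(Environment.GetFolderPath(Environment.SpecialFolder.System) + @"\certificatenamehere.cer");
   try
   {
      // Writing to the LocalMachine store requires administrative rights
      store.Open(OpenFlags.ReadWrite);
      store.Add(cert);
   }
   catch (Exception ex)
   {
      // Log error (store access failures surface as CryptographicException or SecurityException)
   }
   finally
   {
      store.Close();
   }
}
catch (Exception ex)
{
   // Log error (for example, the certificate file is missing or unreadable)
}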

VB.NET

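Imports System
Imports System.Security.Cryptography.X509Certificates

Dim store As New X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine)
Try
   ' Load the publisher certificate from the system folder
   Dim cert As New X509Certificate2(Environment.GetFolderPath(Environment.SpecialFolder.System) + "\certificatenamehere.cer")
   Try
      ' Writing to the LocalMachine store requires administrative rights
      store.Open(OpenFlags.ReadWrite)
      store.Add(cert)
   Catch ex As Exception
      ' Log error (store access failure)
   Finally
      store.Close()
   End Try
Catch ex As Exception
   ' Log error (for example, the certificate file is missing or unreadable)
End Try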
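
Because anything in the machine's Trusted Publishers store is trusted silently, it is worth pinning the certificate before adding it and removing it again on uninstall. The following is an added example, not code from the original post: the class name `PublisherCertInstaller`, the state key `AddedPublisherCert` and the thumbprint placeholder are assumptions for illustration.

```csharp
using System;
using System.Collections;
using System.ComponentModel;
using System.Configuration.Install;
using System.IO;
using System.Security.Cryptography.X509Certificates;
// Added example: hypothetical installer class, not the original post's code.
[RunInstaller(true)]
public class PublisherCertInstaller : Installer
{
    // Placeholder: replace with the SHA-1 thumbprint of your own signing certificate.
    private const string ExpectedThumbprint = "<EXPECTED-THUMBPRINT-HEX>";
    private static readonly string CertPath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.System), "certificatenamehere.cer");

    public override void Install(IDictionary stateSaver)
    {
        base.Install(stateSaver);
        X509Certificate2 cert = new X509Certificate2(CertPath);
        // Refuse to trust a file that is not the certificate we expect; throwing aborts the install.
        if (!string.Equals(cert.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase))
            throw new InstallException("Unexpected certificate thumbprint: " + cert.Thumbprint);
        X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            // Add only if not already present, and record whether this installer added it.
            bool present = store.Certificates.Find(
                X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
            if (!present) store.Add(cert);
            stateSaver["AddedPublisherCert"] = !present;
        }
        finally { store.Close(); }
    }

    public override void Uninstall(IDictionary savedState)
    {
        base.Uninstall(savedState);
        // Leave the store alone if the certificate was there before this installer ran.
        if (savedState == null || !true.Equals(savedState["AddedPublisherCert"])) return;
        X509Store store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            store.RemoveRange(store.Certificates.Find(
                X509FindType.FindByThumbprint, ExpectedThumbprint, false));
        }
        finally { store.Close(); }
    }
}
```

The thumbprint check means a swapped or tampered `.cer` file in the system folder fails the install instead of becoming a trusted publisher.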
