I have an issue with Office where if I require code signing for Add-ins the authentication fails if I don't have the Intermediate CA Certificate installed. I can verify the certificate fine on the desktop so it seems that Office is somehow not pulling it through. How are the intermediate certificates supposed to be evaluated?

Hi,

Could you start Office like Excel in safe mode, check if Microsoft Code Signing PCA listed in Trusted Publishers? And if it is listed there, see what is the expiration date? Also if you could share me a screen grab with the issue you are facing will be very helpful.

Meanwhile, let re-install the certificate for a try:

1. Start run -> certmgr.msc
2. Locate to Trusted Publishers->certificates, check if Microsoft Code Signing PCA is there and not expired.
3. Right click the Microsoft Code Signing PCA -> All task -> Export The certificate to your local machine, like desktop with name: Microsoft Code Signing PCA.
4. Go to desktop, right click the certificate you exported ->Install Certificate ->Local Machine ->Next till finish.
5. Lunch to Excel to see if the Certificate list properly in trusted publisher.

Let me know the result, thank you.

Hi Chloe. To clarify: we don't use the Microsoft certificate. This is signed with a VeriSign Publisher certificate.

Re-installing the Publisher cert doesn't help but installing the intermediate cert works. I'm trying to understand why that manual step is necessary.

This is the error message I get:

I was wondering if anyone had any more suggestions on this? We've tried using signtool to include the intermediate certificate but it doesn't seem to have helped.