1
What to do with GhostDoc not installing due to lack of Internet connection and invalid certificate
Question asked by Maciej Marszałek - 9/2/2024 at 5:01 AM
Answered
Hello,
Is there a way we could install GhostDoc without the error of not having a valid certificate?
I assume it appears because VSTO installer cannot connect to proper server and so installation files are deemed not valid. Is there a certificate I can install to counter this and where/how should I get it?
Or maybe there's a second way to do that?

5 Replies

Reply to Thread
0
Misha Zhutov Replied
Employee Post
Hi Maciej,

You can install GhostDoc (via VSIX) even without an internet connection. It just reports the "Invalid Timestamp" but you can click Install to proceed.

0
Maciej Marszałek Replied
Unfortunately that's not the case, I've tried it and it didn't work:
16/10/2024 15:43:48 - 	SignatureState     : InvalidCertificate
16/10/2024 15:43:48 - 	SignedBy           : vbcity.com LLC
16/10/2024 15:43:48 - 	Certificate Info   : 
16/10/2024 15:43:48 - 		-------------------------------------------------------
16/10/2024 15:43:48 - 		[Subject]       : CN=vbcity.com LLC, O=vbcity.com LLC, S=Washington, C=US
16/10/2024 15:43:48 - 		[Issuer]        : CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
16/10/2024 15:43:48 - 		[Serial Number] : 42CAAC7D566FF22405D19B17290F33B2
16/10/2024 15:43:48 - 		[Not Before]    : 20/01/2022 00:00:00
16/10/2024 15:43:48 - 		[Not After]     : 19/01/2025 23:59:59
16/10/2024 15:43:48 - 		[Thumbprint]    : 588F681138B4F0DACC8214154B07BC8D73DC99F9
16/10/2024 15:43:48 - 
16/10/2024 15:43:48 - 	Supported Products : 
16/10/2024 15:43:48 - 		Microsoft.VisualStudio.Community
16/10/2024 15:43:48 - 			Version : [15.0,17.0)
16/10/2024 15:43:48 - 		Microsoft.VisualStudio.Community
16/10/2024 15:43:48 - 			Version : [17.0,18.0)
16/10/2024 15:43:48 - 
16/10/2024 15:43:48 - 	References         : 
16/10/2024 15:43:48 - 	Prerequisites      : 
16/10/2024 15:43:48 - 		-------------------------------------------------------
16/10/2024 15:43:48 - 		Identifier   : Microsoft.VisualStudio.Component.CoreEditor
16/10/2024 15:43:48 - 		Name         : Visual Studio core editor
16/10/2024 15:43:48 - 		Version      : [15.0,18.0)
16/10/2024 15:43:48 - 
16/10/2024 15:43:48 - Signature Details...
16/10/2024 15:43:48 - 	Extension is signed with an invalid certificate
16/10/2024 15:43:48 - 		(PartialChain)      : A certificate chain could not be built to a trusted root authority.
16/10/2024 15:43:48 - 		(RevocationStatusUnknown): The revocation function was unable to check revocation for the certificate.
16/10/2024 15:43:48 - 		(OfflineRevocation) : The revocation function was unable to check revocation because the revocation server was offline.
16/10/2024 15:43:48 - 
When I am online instead, the installation with /admin switch works flawlessly
And this installation completes in success, the extension is visible in "Tools>Extensions and Updates"

What can I do to be able to install with /admin switch? Should I gain somehow this certificate and install it for /admin version of installation to be available? Where do I get said certificates?

Sincerely,
Maciej Marszalek
P.S. I've tried your way and it looked like it would work without /admin switch, but it didn't show in Extensions afterwards.
0
Misha Zhutov Replied
Employee Post Marked As Answer
It seems that some settings in your security policy prevent you from installing GhostDoc Pro. We tested the installer on a clean VM with Windows 10, and we could install GhostDoc Pro even without an internet connection.

To install VSIX as administrator you need to run the VSIXInstaller.exe  with /admin option.

0
Maciej Marszałek Replied

We have already tried that and this really did not help.
 Our command is run in PowerShell run as SYSTEM user (not normal, nor with just Admin rights) while the Internet adapter is turned off:
 

& "C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VSIXInstaller.exe" /admin "C:\TEST\GhostDoc Enterprise.v2022.2.22190.VS2017-VS2022.Extension.vsix"

We are sure there are no security policies involved, as the tests were also run on a Hyper-V VM freshly installed from a general ISO on an offline machine with an offline user profile.

 

From my point of view the application is trying to get the required Digital Signature and it does not find any on the computer and it cannot get it online (because no adapted ofc). The VS 2017 on which we are trying to install it also was installed using SYSTEM user - maybe that makes some of the certificates to be misplaced/

 

What I would like to turn Your attention to is some quirk that might actually work as a workaround. As I've already pointed out, when I run the installation while online, the Digital Signature is available, and when I run it offline it's invalid.

(Offline and online comparisson)
 A screenshot of a computer

Description automatically generatedA screenshot of a computer

Description automatically generated

 

However, if I start-up the installation while online and cancel it, the Digital Signature is somehow retained and stored, so it can be use it regardless of being online or offline
 A screenshot of a computer

Description automatically generated

My question is: can I export this certificate(s) somehow somehow and install it for future installations?
 How to check where it is stored? Where exactly should I install it on a fresh computer to work offline installations?
 (Certs and their certification path)

A screenshot of a certificate

Description automatically generated

A screenshot of a certificate

Description automatically generated

A screenshot of a certificate

Description automatically generated

A screenshot of a certificate

Description automatically generated 

A screenshot of a computer

Description automatically generated

 

0
Misha Zhutov Replied
Employee Post
Hi Maciej,

We always sign the VSIX file (as Microsoft recommends) with the certificate. The VSIXInstaller.exe tool is used to install the VSIX file, and it does not provide an option to skip the certificate verification.

Please contact support@submain.com and we provide you with a possible workaround.

Reply to Thread