Signing Outlook Plugin installer (.msi) files

Out of the box, the Classic Outlook Plugin and Lite Outlook Plugin installer (.msi) files are signed with a digital certificate issued by Sage Technologies Limited.

When a user requests a download of an Outlook plugin .msi file, Sage CRM modifies the .msi file by applying custom installation parameters to it. This invalidates the digital signature that has been applied to the .msi file out of the box.

As a result, when a user runs the downloaded .msi file, Windows may display a warning reading that the digital signature of the file is invalid. To avoid this, you can configure Sage CRM to automatically sign the .msi files with a valid certificate after custom installation parameters have been applied.

Your certificate must: 

  • Be installed in the Local Computer\Personal certificate store on the Sage CRM server.
  • Have a corresponding private key.
  • Be enabled for the code signing purpose.
  • Be trusted on the client computers on which users will run the signed .msi files.

    To ensure this, install the certificate in the Trusted Root Certification Authorities store on each client computer.
Sage CRM is supplied with a demo certificate. For more information, see Using a demo certificate.

To automatically sign the .msi files, complete these steps:

  1. Enable digital signing of the .msi files: 
    1. Go to <My profile> | Administration | Users | User Configuration and click Change.
    2. Set Digitally sign plugin installer to Yes.
  2. In Certificate thumbprint (optional), enter the thumbprint of a valid certificate and click Save.

    If you leave this option blank, Sage CRM tries to find a suitable certificate in the following certificate store locations on the Sage CRM server: 

    • Local Computer\Personal
    • Local Computer\Trusted Root Certificate Authorities