Hello Dave,
Microsoft Office uses some of the security settings set by Microsoft
Internet Explorer when it attempts to authenticate certificates of trust
prior to use, even if the certificate is already accepted and present on a
user's computer. Each time an Office application attempts to run an
executable signed with an attached certificate, some events occurs if the
Check for publisher's certificate revocation check box is set to checked in
the Internet Explorer Advanced settings dialog (See
http://office.microsoft.com/en-us/ork20 ... 81033.aspx).
The issue arises because the .NET Common Language Runtime (CLR) uses the
Public Key Infrastructure (PKI) system found on Windows systems and on an
isolated network. When .net framework is verifying a digitally signed
assembly, it requires downloading the CRL (certificate revocation list)
from the Certificate provider. The certificate checking mechanism times out
after a certain number of attempts to servers that host the CRL. The .NET
CLR loads the assembly after all the re-tries are completed, which shows up
as a 15 seconds delay. That is why it takes a long time to load your office
add-in. This behavior is by design.
This problem would occur with any .NET assemblies that are code signed
(
http://msdn2.microsoft.com/en-us/library/ms537361.aspx) with a digital
certificate. A code-signed assembly is different from a strong-named one
(see
http://conferences.codegear.com/cn/article/32226 ) . Code signing
assemblies is recommend because it makes components tamper-proof and
ensures users know the identity of the component publisher. Therefore we do
not suggest that you remove the code sign of your dlls.
The workarounds include:
1. uncheck the "Check for publisher's certificate revocation" in IE. By
disabling the CRL checking, you are not exposed to a security threat.
2. You could manually download the CRL and install in on the system. But
the CRL is valid only for 10-15 days.
3. it is possible to programmatically set the CRL verification. When the
'Check for publisher's certificate revocation' is unchecked, a setting in
the registry is changed. To turn off CRL verification, set
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust
Providers\Software Publishing\State from 0x00023c00 to 0x00023e00. To turn
CRL Checking on again, reset the State key to 0x00023c00
Please let me know if you have any other concerns, or need anything else.
Sincerely,
Jialiang Ge (jialge@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support
=================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from your issue.
=================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
) !
, so I created dummy component library WindowsControlLibrary1.dll by myself.