So as I have been developing increasingly more Revit plug-ins these days, I finally came to realization that the stupid security warning about Untrusted Publisher that Revit shows on startup really annoys me.
This has long been discussed before by Jeremy Tammik and Harry Mattison on their respective blogs, so I won’t go into specifics of why we have to sign our plug-ins. What I will go into at length is, one of the possible methods/companies that you can obtain your code signing certificate from and how to install it. Harry talked about basic setup in this post: BoostYourBim and Jeremy Tammik chimed in on why one needs to sign their plug-ins over at Autodesk Forum. Please give it a try. Now, let’s get to it.
!!!— I, by no means endorse KSoftware or Comodo in this post. They are just one of the many companies that offer this service, so feel free to make your own choice. I did make mine based on the fact that Harry used them, and it worked for him so I just went with that. —!!!
!!!—This is important. KSoftware/Comodo issue your certificate using the internet browser (exactly the keygen functionality). It is critical to the whole process that you place the order, using a compatible browser. Chrome is not. Neither is Edge. Basically make sure you are using Firefox or Internet Explorer for every step of the way. —!!!
- First you need to place an order with KSoftware. They will ask you to verify your company. One of the many ways that you can do that is to sign up with yet another company (which I am not endorsing either) by the name of Dun & Bradstreet. Now, they will require you to submit paperwork that proves that you are who you are and that you own the company etc. etc. To obtain the DUN’s number you will just have to register your company with them, and wait for like 2 weeks. They will try to sell you stuff, so beware of that. You can just decline and wait for them to issue the free number.
- Once you get that out of the way, you will get an email that says that your certificate has been issued, and you need to collect it. It will look like this:
- Again, make sure that you are using the same compatible browser as when you were placing the order or this can possibly fail. Otherwise just follow their link and you should get a message asking if you want to install your certificate. If you were to use the wrong browser (let’s say latest Chrome), it would instead just download a certificate file. That’s not what you want. You want it installed, so that when you go to Internet Options>Content>Certificates it will show like this:
- Now that you have your certificate installed you can export it. You basically want to export it to a PFX file that is encrypted with a password, so that you can store it safely on your computer and use it to sign your DLLs. Here are the steps to get it exported. Please follow these and you will get a PFX file. Export steps.
- Now that we have the certificate exported, we can use a signtool.exe that ships with Visual Studio to sign your DLLs after they are being compiled. The way to do that is to add a Post Build Event to your assembly. You can do it by right clicking on the project in your Solution browser and navigating to Properties:
- Then under Post Build Events you can add a line of code that asks the signtool.exe to sign your plug-in using the PFX file you previously exported. It looks like this:
- The actual code is this:
Now, this will not take away the Revit warning on the first try. However this time it will show it with your credentials, and you can choose to launch your plug-in. It should take it away on every subsequent Revit opening event. Also, when adding your sign command to the Post Build Event, please remember to sign your code first before moving your DLL somewhere else. I usually use copy commands there as well to copy my DLLs to appropriate Revit folders, so just make sure they are signed before they are moved.
This should do the trick. Let me know if you have any questions, and huge thanks to Harry Mattison and Jeremy Tammik for their initial posts. They were great at getting me through this process.
Ps. From reading comments on Boost Your Bim post, it seems like on some machines you might have to open Internet Explorer before launching Revit. I am not sure why that would be, but I am just putting it here if someone runs into trouble.