Option to install the VSU without admin rights?

[Yacine]

Hi Paul,
I just wanted to test the new VSU, alas I have lost my home visio licence and thought I could do the test on my work computer ... for which I have no admin rights.

When Nikolay published his SVG-export tool, the installation wizzard had the option to install only for one self and did not require admin rights.
http://visguy.com/vgforum/index.php?topic=7642.0 (reply #2)
@Nikolay, could you provide information on this feature?

[Nikolay]

It simply installs files to the user profile (Users\<username>\AppData\Local\<folder>) instead of "Program Files\<folder>", and
writes all registry entries to the "Current User" instead of the "Local Machine" registry hive (using "HKMU" key - that one changes its value depending on if ALLUSERS variable is set)

In principle, VSL must be loadable if installed to the user profile, doesn't it work if you simply change the target installation folder?
The registration using Visio Solution Publishing tool may be an issue, but not quite sure - my setup does not use it, it writes the entries directly to the registry.

[Paul Herber]

I'm using the built-in build and code-signing features within Visual Studio (Community Edition) but I can't see any option to change any of the install details like that.

[Paul Herber]

I need to get a new code signing certificate.

[Nikolay]

BTW, DigiCert is providing FREE code signing certificates to MVPs

With the DigiCert certificate, one can not only sign the code but also set up WinQual account
(for example, to receive the crash dumps related to your apps from Microsoft "Send report to Microsoft")

[Paul Herber]

I'm not an MVP.
I don't have a company any more so when I've applied for a certificate I get asked for my company DUNS number and other business information and when I say I have nothing like that they say they have to have that info. I've just filled in the application form for a Comodo certificate, selected the personal version and still get asked for all this business info.

[Nikolay]

I've been getting the certificate all the time from the StartSSL (Israel), IMHO they were the best and the cheapest ones...
Unfortunately, after being bullied by Mozilla & Co they had to shut down last year, now it's questionable...

About the DUNS - I've got it automatically somehow after registering myself as self-employed a few years ago - didn't do anything, just got listed.

[Paul Herber]

I'm going down the https://www.leaderssl.com/ route who are a Comodo reseller.
So far, I filled in their form for personal use (non company), got an email asking for full business data (DUNS etc). Replied to them saying that it was personal, not business. They then said I had to go through Face-to-face validation with a Public Notary. <Deity> knows what that will cost! Started that procedure, then got another email saying I can just send them scans of driving licence/passport, recent phone bill and bank statement. So I do that and then told off for not going through a notary.

Why can you never find a decent brick wall when you want to hit your head against one?

[wapperdude]

Yikes! Paul.  Giving all that info via electronic transmission sounds really, really scary!  Going to brick and mortar is one thing, but electronic???

Just saying...

W.

[Nikolay]

I feel your pain. That "go see a notar" thing from comodo was one of the reasons for me to go for startssl.. that's just crazy, and they introduced this one or two years ago. StartSsl asked only for the pass scan, driving license scan, phone, and household bills to issue a certificate to an individual... For me, now it's a bit easier, after being registered as a company.

@Yacine, those docs are currently required to get a code signing certificate... passing them to a certificate issuing authority is basically okay, as per my experience.

Sort of funny story, By a pass scan from a movie, you can get a real loan
https://twitter.com/EnglishRussia1/status/1001180417997922304

[Paul Herber]

I ran a company for 34 years, I needed to simplify my life to decided that sole trader (self-employed) was the way to go. Shrug, well, win some, lose some.

[Visio Guy]

I just went through this cert process. They wanted letterhead. Why would I have that? They wanted phone bills. I don't have any, we use pay-as-you-go mobiles, and the only name attached anywhere is my wife's. I went to a notary. Three to five times they told me "Ok, you can do this or that instead'. Every time I did it, they then told me "we can't accept that." afterwards. All I did was shout per e-mail for three weeks. I finally leaned on k-soft to (who sold it to me) to tell Comodo to get their shit together, and I finally got the cert. And this was all for a RENEWAL!

[Nikolay]

Seriously, this thing sucks. Going through this mess just to verify that you are you. The guys from StartSSL started 20 years ago with the idea of completely free certificates, when people can simply verify each other's identity. Why didn't it fly? Just a thought - maybe this idea can be revived somehow now with blockchain and all this stuff?

[Visio Guy]

I wonder if that's part of the game. You get angry, you yell and scream at them for three weeks, but you don't go away. So at least you have some legitimacy from the persistence. This probably eliminates a lot of sleazy businesses who wouldn't stick with it for so much effort, but also a few  legitimate ones, unfortunately.

[Paul Herber]

Well, I've finally got the code-signing certificate. I'm now also qualified to hit my head against brick walls.
The notary business wasn't too onerous, passport, driving licence, telephone bill, bank statement, all norarised scanned and emailed by the notary to Comodo, they then do the automated telephone check, they give you a web page to visit which contains a box to enter a 6-digit number, they call you on the number on the telephone bill, tell you the 6-digit number, the certificate is issued within a few minutes.
That's when the next lot of fun starts. Collecting the certificate.
The instructions state you must use the same computer and browser you used when requesting the certificate. You must also use IE version 8 or higher. You cannot use Firefox, Chrome, Safari or Edge. Call this WTF moment number one.
They state that only IE8+ has the SHA-256 capabilities and also the ability to export your certificate to a usable certificate file. Chrome, Safari and Edge do not have these abilities at all. Firefox can get the certificate but cannot export it to a certificate file. D'oh. I had used Firefox to request the certificate. It is my normal browser. I would never use IE in a month of Sundays and forget Edge!
So I used IE and try to get the certificate - error ...


Error message - certificate can not be installed. then

ERROR 0x80092004: CertEnroll::CX509Enrollment::InstallResponse: Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)

The various help files mention private keys, I don't have a private key, no mention of a private key was made in the application process.

However, looking in the certificate store I see it has been installed but not as a personal certificate, it is in the Other People section, so is unusable by me.

Next day ...

Ok, let's try Firefox, ooo , success, certificate installed, in the personal section, all looks ok, but, as the instructions say, there is no Export.

It's not until you dig deeper ...
Options -> Privacy & Security -> Certificates -> View Certificates
Find your certificate and select it, choose backup and save it as a .p12 file.
Wooo - almost.
I can sign exe and msi files using the kSign utility.
Visual Studio recognises the certificate and signs my build. Install into Visio 2016. Fine.
Run Visio - fail -
SignatureDescription could not be created for the signature algorithm supplied

Call this WTF moment number two.
I need a beer.