Developer CA for Microsoft Office Add-ins problem

[codebizness]

I've generated office 365 add-in project using generator. It is causing problem when I was trying to load add-in or side loading by throwing following exception:
NET::ERR_CERT_AUTHORITY_INVALID

After little investigation I found that due to some reason or error, it has limit and certificate issue date is today and its expiry is in early dates. I am not sure if this is the reason for above error. It is pretty much clear that certificate generation has issue. I'll appreciate if you could point me in right direction.

[akrantz]

The certificates have a 30 day expiration by default. Each time the dev server is run, it should check and if needed, it will prompt to install a new CA certificate. It sounds like the CA cert is not installed. In a command prompt, you can run "npx office-addin-dev-certs uninstall" followed by "npx office-addin-dev-certs install" to update. You should get a dialog prompt to confirm the cert install.

[codebizness]

The certificates have a 30 day expiration by default. Each time the dev server is run, it should check and if needed, it will prompt to install a new CA certificate. It sounds like the CA cert is not installed. In a command prompt, you can run "npx office-addin-dev-certs uninstall" followed by "npx office-addin-dev-certs install" to update. You should get a dialog prompt to confirm the cert install.

Thanks for your answer, I followed your provided steps, certificate is generated but every time the app, it re-generate certificate, although it is saying that certificate has been trusted.

[arghyadharmsft]

Hello All,
Please help me with the following issue.
When I generate the localhost.crt through npx office-addin-devcerts-install in cmd, the Developer CA certificate generated is OK like below:

But when I generate the localhost.crt through npm start to my Office Addin in Visual Studio Code, the Developer CA certificate generated has an invalid digital signature like below:

Can someone please let me know why the localhost.crt creation gets corrupted when doing a npm start?

[millerds]

@arghyadharmsft What arguments are you passing to this 'office-addin-dev-certs install' command (I assume that's the command you are running because I don't know of an office-addin-devcerts-install package")?

[arghyadharmsft]

Hello @millerds : I am not passing any arguments, just the npx office-addin-devcerts-install in cmd

[millerds]

What is the "office-addin-devcerts-install" command? That is not one that we provide.

[arghyadharmsft]

@millerds : Could you please tell me what command should be used for installing the Dev Cert for Local host?

[akrantz]

The package name is office-addin-devcerts and the command name is install, so the command line is npx <package> <command> which is npx office-addin-devcerts install with a space before install instead of a hyphen.

[arghyadharmsft]

@millerds @akrantz: Yes i misspelled it here but I used npx office-addin-devcerts install. And this generated a valid localhost.crt.
But the issue is why the created localhost.crt gets corrupted when doing a npm start in the Addin Project?
Also I have seen it regenerates the certificate every time npm start is used in the Addin Project? Why doesn't it reuse the older certificate which was generated by npx office-addin-devcerts install.

Please provide you valuable and Expert suggestions.

[codebizness]

@millerds @akrantz: Yes i misspelled it here but I used npx office-addin-devcerts install. And this generated a valid localhost.crt. But the issue is why the created localhost.crt gets corrupted when doing a npm start in the Addin Project? Also I have seen it regenerates the certificate every time npm start is used in the Addin Project? Why doesn't it reuse the older certificate which was generated by npx office-addin-devcerts install.

Please provide you valuable and Expert suggestions.
I've getting issue on npm start and it keeps re-installing certificate which never get installed for some reasons. I've used OpenSSL directly, it solves problem but later, I've removed and cleaned cache etc. And;
upgraded "office-addin-sso" npm to latest version a month ago, and after that it is working like charm. Just to mention, OpenSSL has nothing to do it. Just upgrade "office-addin-sso" .

[arghyadharmsft]

@codebizness : Could you please tell me what npm command I should use to upgrade office addin sso? And should I do this from cmd or in the addin project in Visual studio code?

[codebizness]

@codebizness : Could you please tell me what npm command I should use to upgrade office addin sso? And should I do this from cmd or in the addin project in Visual studio code?

I believe the following will work:
npm update office-addin-sso

Please have a look on package.json before and after and note down its version you already have.

[arghyadharmsft]

@codebizness : So once after npm update office-addin-sso and then doing a npm start in the Office Addin Project in VS Code and checking if the localhost.crt generated is having a valid signature, right?

[codebizness]

@codebizness : So once after npm update office-addin-sso and then doing a npm start in the Office Addin Project in VS Code and checking if the localhost.crt generated is having a valid signature, right?
Yes, after update, your "npm start" should work.

[arghyadharmsft]

@codebizness : Even after doing this the generated localhost.crt shows invalid signature. Why does a npm start corrupts the loclhost.crt?

[arghyadharmsft]

@codebizness @millerds @akrantz @vboctor : Any expert suggestions will be highly appreciated.

[millerds]

Running 'npm start' uses the same code path that "office-addin-dev-certs" (note the "dev-certs" hyphen) package uses during the install command . . . it's actually calling into the package (via a dependency installation). 'npm start' runs the "office-addin-debugging" package, so you can update the version of that in your project in order to make sure you have the most recent updates. But the two triggers use the same code path except for the fact that 'npx' could be pulling a newer version of the package if it isn't already installed at the location you are running 'npx' from (i.e. global vs. project).

Note that there have been some fixes to office-addin-dev-certs in the past few months so make sure you are using a current version of the package.

[arghyadharmsft]

@millerds: Yes the latest version of the package is used, and also npm update office-addin-sso is done.
But the issue is even if the localhost.crt (generated via npx office-addin-devcerts install ) is present in the .office-addin-dev-certs folder. But doing a npm start to the Office Addin Project in Visual Studio code again regenerates the localhost.crt and corrupts it. So I wanted to know why the certificate is getting corrupted or why does it regenerate the localhost.crt again when we dop a npm start?

Corrupted certificate on doing npm start in VS code:

[akrantz]

Try npx office-addin-dev-certs uninstall (and confirm any prompts to remove certificates).
Then npm start should prompt to install an updated cert. As Darren said, this is the same as npx office-addin-dev-certs install.

Once the cert is installed, opening the browser to https://localhost will allow the browser to show if trusted or not, and may provide clues about why not.

I've never seen a cert that has an invalid signature, and don't really have more info as to why that may happen, if that is indeed the problem. The localhost SSL cert uses the "Developer CA for Microsoft Office Add-ins" CA cert, so you check if that one is valid and trusted.