Packaging Pitfalls, Part 11: When a VSTO add-in does not appear

VSTO add-ins are known for being difficult to handle correctly inside Office applications. The setup process may complete without errors, and the add-in appears to be installed as expected.

However, when opening Outlook or Excel, the add-in does not appear at all. It is not visible in the ribbon, and in many cases there are no clear error messages explaining why.

This behavior is common when working with VSTO. The issue is usually not related to the installation itself, but to how the add-in is signed and trusted.

VSTO relies on multiple components that must be properly signed and aligned. If any part of this chain is missing or incorrect, the add-in will not load in the application, even though everything seems to be installed correctly.

What prevents the VSTO add-in from loading

The most common cause of this issue is incorrect or incomplete signing of the VSTO package.

VSTO add-ins consist of several components, including the installer, application manifest, and deployment manifest. These elements are linked and must be handled together. Signing only setup.exe does not ensure that the add-in will load in the Office application.

Certificate trust also plays a critical role. Even with properly signed files, the add-in will not run if the certificate is not trusted on the target machine. In such cases, Office may block it without showing a clear error.

How we handle this in practice

When working with VSTO add-ins, we follow a structured approach to ensure that all required components are properly signed and trusted. The goal is not just to complete the installation, but to make sure the add-in actually loads and becomes visible in the Office application.

First, download the Windows SDK and create a folder for certificate files, for example C:\Cert.

Once everything is in place, open Command Prompt and navigate to the Windows SDK tools location:

C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86

Run the following commands:

makecert -r -sv C:\Cert\ViaMonstra.pvk -n CN="ViaMonstra" C:\Cert\ViaMonstra.cer

You can skip the password by selecting “None”:

[Screenshot: skipping the certificate password during creation]

cert2spc C:\Cert\ViaMonstra.cer C:\Cert\ViaMonstra.spc
pvk2pfx -pvk C:\Cert\ViaMonstra.pvk -spc C:\Cert\ViaMonstra.spc -pfx C:\Cert\ViaMonstra.pfx

Once the certificate is created, it can be used to sign setup.exe. Run the following command:

signtool.exe sign /f C:\Cert\ViaMonstra.pfx /t http://timestamp.comodoca.com /v C:\work\Package\Files\setup.exe

After that, update and sign the application manifest and the deployment manifests. In Command Prompt, navigate to:

C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.7.2 Tools

Then run the following command:

mage.exe -update "C:\work\Package\Files\Application Files\D2OutlookAddIn_1_0_2_3\D2OutlookAddIn.dll.manifest" -certfile C:\Cert\ViaMonstra.pfx
mage.exe -update "C:\work\Package\Files\Application Files\D2OutlookAddIn_1_0_2_3\D2OutlookAddIn.vsto" -appmanifest "C:\work\Package\Files\Application Files\D2OutlookAddIn_1_0_2_3\D2OutlookAddIn.dll.manifest" -certfile C:\Cert\ViaMonstra.pfx

mage.exe -update "C:\work\Package\Files\D2OutlookAddIn.vsto" -appmanifest "C:\work\Package\Files\Application Files\D2OutlookAddIn_1_0_2_3\D2OutlookAddIn.dll.manifest" -certfile C:\Cert\ViaMonstra.pfx

During this step, error messages about missing files may appear. This does not always indicate a failure, as the manifest can still be signed successfully.

How to trust the certificate

After signing, extract the certificate from setup.exe and add it to the trusted certificate stores, as shown below.

[Screenshots: digital signature details in the setup.exe properties; exporting the certificate using the “Copy to File” option; selecting the certificate export format; specifying the file name and location for the exported certificate]

After clicking Next, the certificate file will be successfully exported.

Once exported, install the certificate into the Trusted Root Certification Authorities and Trusted Publishers stores.

These steps ensure that the certificate is properly trusted, allowing the VSTO add-in to load in the Office application.
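
To check the result of the signing and trust steps, the following PowerShell script (an added example, not part of the original article) compares the certificate embedded in each manifest with the one that signed setup.exe and reports whether that certificate is present in both stores. It assumes the paths used above and the LocalMachine stores; the function name Get-ManifestSignerThumbprint is hypothetical.

```powershell
# Added example: paths are the ones used in this article; adjust for your package.
$root   = 'C:\work\Package\Files'
$appDir = Join-Path $root 'Application Files\D2OutlookAddIn_1_0_2_3'
$manifests = @(
    (Join-Path $appDir 'D2OutlookAddIn.dll.manifest'),   # application manifest
    (Join-Path $appDir 'D2OutlookAddIn.vsto'),           # deployment manifest (versioned)
    (Join-Path $root   'D2OutlookAddIn.vsto')            # deployment manifest (root)
)

# Hypothetical helper: returns the thumbprint of the certificate that mage.exe
# embedded in a manifest's XML signature, or $null if the manifest is unsigned.
function Get-ManifestSignerThumbprint([string]$Path) {
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($Path)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
    # Assumption: the first <X509Certificate> is the signer; with the self-signed
    # certificate created above it is the only one.
    $node = $doc.SelectSingleNode('//ds:X509Certificate', $ns)
    if (-not $node) { return $null }
    $bytes = [Convert]::FromBase64String($node.InnerText)
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    return $cert.Thumbprint
}

# setup.exe is Authenticode-signed; read the signing certificate from its signature.
$signer = (Get-AuthenticodeSignature (Join-Path $root 'setup.exe')).SignerCertificate
if (-not $signer) { throw 'setup.exe carries no Authenticode signature.' }
$expected = $signer.Thumbprint

# Every manifest should carry the same certificate as setup.exe.
$manifestReport = foreach ($m in $manifests) {
    $tp = Get-ManifestSignerThumbprint $m
    [pscustomobject]@{
        Manifest        = $m.Substring($root.Length + 1)
        Thumbprint      = $tp
        MatchesSetupExe = ($tp -eq $expected)
    }
}
$manifestReport | Format-Table -AutoSize

# Assumption: the certificate was installed machine-wide; use Cert:\CurrentUser
# if it was imported for a single user.
$storeReport = foreach ($store in 'Root', 'TrustedPublisher') {
    [pscustomobject]@{
        Store   = "LocalMachine\$store"
        Present = Test-Path "Cert:\LocalMachine\$store\$expected"
    }
}
$storeReport | Format-Table -AutoSize
```

A False under MatchesSetupExe points at a manifest that is unsigned or was signed with a different certificate; a False under Present points at the trust step.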

Conclusion

VSTO add-ins require more than a standard signing approach. Even when the installation completes successfully, missing steps in the signing or trust chain can prevent the add-in from loading in the Office application.

To ensure the add-in appears and works as expected, all components must be properly signed, and the certificate must be trusted on the target machine.

If you need help with application packaging, you can always reach out to the Apptimized team.
