Add-In Error: Content is blocked because it isn't signed by a valid security certificate in Outlook 365

Question

Currently I am developing my custom add-in for outlook 365/

Then I am trying to use it for testing for example it shows me error. I investigated and found what it opens addon in iframe in edge browser. So question is how to add certificate/s to edge to allow my app to work in it?

I am using :

Outlook 365 desktop edition

What I tried

Switching flag in Edge browser to allow not certified certificates to "work"(same thing was done in chrome and it worked there)
As suggested in comments to use office-addin-dev-certs. Well I installed them on my project by using npm install office-addin-dev-certs and then I am trying to verify it by this command office-addin-dev-certs verify it throws error in console see image 3
exported certificates from chrome and imported them in edge browser and also on my machine . It did not helped.

Are you in development stage and running the addin in localhost? if so, https://github.com/OfficeDev/Office-Addin-Scripts/tree/master/packages/office-addin-dev-certs while in development stage — Outlook Add-ins Team - MSFT, Mar 28 '22 at 22:58
This did not helped me . I added to my project package.json by npm . After "installing" it I run command to verify it `office-addin-dev-certs verify` it showed me this kind of error https://i.imgur.com/HutdZwo.png So I assume it will not helped me — Nyuokimi, Mar 29 '22 at 06:46
To make sure, is your addin source location https://localhost ? Does the addin work running in Outlook online (OWA) either on Edge or on Chrome? You are right to import the certificates, have you tried importing them into Trusted Root Certificate Authorities? (Note that you should do this with localhost and development only). 'npx office-addins-dev-certs install/verify' are helpers to generate/install the certificate, so you can also do so manually as in your 3rd bullet point. — Outlook Add-ins Team - MSFT, Mar 30 '22 at 03:48

score 1 · Answer 1 · answered Dec 01 '22 at 21:59

The easy solution that worked for me was remove .office-addin-dev-cer from User folder. Then by running my Add-Ins by npm start I got popped by a message box to remove existing certificates (ca.crt, localhost.crt). After clicking on Yes for 3 messages I have been asked to install new certificates and all certificates re-installed and my Add-Ins works fine now.

score 0 · Answer 2 · answered Mar 28 '22 at 15:02

While not strictly required in all add-in scenarios, using an HTTPS endpoint for your add-in is strongly recommended. Add-ins that are not SSL-secured (HTTPS) generate unsecure content warnings and errors during use. If you plan to run your add-in in Office on the web or publish your add-in to AppSource, it must be SSL-secured. If your add-in accesses external data and services, it should be SSL-secured to protect data in transit. Self-signed certificates can be used for development and testing, so long as the certificate is trusted on the local machine.

See Server requirements for more information.

score 0 · Answer 3 · answered Mar 28 '22 at 21:33

0

This may be an old issue which has resurfaced. You can see more info here

answered Mar 28 '22 at 21:33

Brian Gonzalez

1,178
1
3
15

score 0 · Accepted Answer · answered Mar 31 '22 at 09:16

Well I found the solution. solution was to create and add certificate to app. In desktop outlook aka office outlook for desktop it uses Edge browser as sidebar for Add-ins.

Reason is what browsers need Subject Alternative Name in certificate. So need to create a trusted self-signed SSL cert for localhost (for use with Express/Node) . So the solution was found in this post.

Add-In Error: Content is blocked because it isn't signed by a valid security certificate in Outlook 365

4 Answers4