The content is blocked because it isn't signed by a valid security certificate error in Outlook addin

Question

I have developed an Outlook add-in which is required to open an authentication dialog before performing a job. I am facing two issues which I think are inter-related.

1. Though the add-in works fine in Edge and Chrome, the dialog doesn't appear in IE. I don't see any error in the console also regarding this.
2. I see below error when it tries to open the dialog.

I am installing the certificates using npx office-addin-dev-certs install, and have already re-installed them as recommended in different forums. Also, my Outlook version is up-to-date.

Any help is appreciated.

Answer 1

For me issue happened after Windows 10 update, certs went old.

Fix is deleting content of folder C:\Users\{username}\.office-addin-dev-certs and running command npx office-addin-dev-certs install in order to renew certs.

Further info here https://github.com/OfficeDev/office-js-docs-pr/issues/1598

Answer 2

In my case, I tried many ways, but I failed all of them.

I don't understand well, but anyway, I solved it by changing the security settings of Internet Explorer.

Internet Explorer (not Edge) -> Internet Options -> Advanced -> Security -> "Check for server certificate revocation"

make sure uncheck this options, and then reboot.

Please refer to this link for further adjustment. https://appuals.com/fix-content-was-blocked-because-it-was-not-signed-by-a-valid-security-certificate/

Answer 3

This can be happened after windows 10 update.

Please delete C:\Users{username}.office-addin-dev-certs folder and execute "npm run start"

Then it is automatically that generates new certs on same folder

This is only suitable for the localhost only

Answer 4

In Windows 11 I couldn't get this to work. I tried deleting C:\Users\{username}\.office-addin-dev-certs and reinstalling with npx office-addin-dev-certs install but that didn't work. I even went to Internet Options -> Advanced and disabled Check for publisher's certificate revocation and Check for server certificate revocation:

...but that still didn't fix the problem.

The only way I got this to work was to run Fiddler Classic. As soon as I opened Fiddler, it started to work. I believe this is because access to https://localhost:3000 gets proxied through Fiddler and Fiddler uses its own self signed certificate (which gets installed when you enable the Decrypt HTTPS traffic option in Fiddler).

Answer 5

After windows update, npx office-addin-dev-certs install generated certificate isn't recognized by edge browser. Even though there is dialog which says that the import is successful, the imported certificate wouldn't show up in browser certificate collection list. I have created new SSL certificate using openssl and made sure that the following properties are set:

1. Issued to and Issued by properties should be same i.e., localhost
2. Make sure that subject is set to localhost as well
3. Subject alternative name should also be set as localhost DNS Name=localhost

This helped me to fix the issue https://stackoverflow.com/a/71487759/6491417