Distribution and trust of the utilized deployment signing certificate via Group Policy is the recommended approach to ensure that end-users are able to install the Dodeca Excel Add-In for Essbase without issue, regardless of the intended deployment mechanism.

See the following article for details: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/distribute-certificates-to-client-computers-by-using-group-policy

If desired, certificates can be trusted at the local machine or current user level using Microsoft’s certutil.exe, regardless of the intended deployment mechanism.

When the GenerateCertificate policy is used by the ClickOnce Prep Utility, a self-signed certificate for each deployment URL will be generated in a location similar to the following: C:\Program Files\Applied OLAP\Dodeca Framework 8.0.0.0000\bin

Certificates generated by the ClickOnce Prep Utility are assigned the following password: password

Example Local Machine Import for Generated Certificate: 

certutil.exe -f -p "<password>" -importPFX Root "<cert>.pfx"
certutil.exe -f -p "<password>" -importPFX TrustedPublisher "<cert>.pfx"

Example Current User Import for Generated Certificate: 

certutil.exe -f -user -p "<password>" -importPFX Root "<cert>.pfx"
certutil.exe -f -user -p "<password>" -importPFX TrustedPublisher "<cert>.pfx"

See the following article for further details: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil

If desired, certificates can be trusted at the local machine or current user level using the Certificates snap-in for Microsoft Management Console (MMC).

See the following article for details: https://docs.microsoft.com/en-us/biztalk/adapters-and-accelerators/accelerator-rosettanet/importing-certificates-using-mmc