Existing self-signed certificates failing with Office 2007 AND Windows 7
A problem has arisen in Windows 7/Office 2007 in relation to an Excel spreadsheet/template with an Auto_Open macro which we have used for years on Office XP/2003.
This spreadsheet has a self-signed certificate which is installed on all PCs in the office so that it can be opened without prompting even though macro security is set to Medium (prompts before opening a spreadsheet with macros). This is the desired behaviour.
We have just purchased two new PCs running Office 2007 and Windows 7. Macro security is set as "disable all macros with notification". For these machines, the worksheet opens normally, but with a warning preventing macros running. There is no option to allow the macros to run.
The warning is "Warning: This digital signature is invalid and cannot be trusted. The macros will be disabled."
Opening the self-signed certificate and importing it did not change the situation (although I just used the default options in the importation process as I am not sure of the best way of doing
this in the new versions).
Curiously, as a test, I removed the security certificate, and Excel then opened it as expected (i.e. the warning about macros appeared, including an option to allow them to run).
There was no problem using Office 2007 on a Windows XP machine, or using Office XP on a Windows 7 machine; the problem only seems to exist when using both Office 2007 and Windows 7.
I am not familiar with either Windows 7 or Office 2007. What am I missing?
error-office-2007-with-Windows-7.jpg
error-office-2007-with-Windows-X.jpg
This spreadsheet has a self-signed certificate which is installed on all PCs in the office so that it can be opened without prompting even though macro security is set to Medium (prompts before opening a spreadsheet with macros). This is the desired behaviour.
We have just purchased two new PCs running Office 2007 and Windows 7. Macro security is set as "disable all macros with notification". For these machines, the worksheet opens normally, but with a warning preventing macros running. There is no option to allow the macros to run.
The warning is "Warning: This digital signature is invalid and cannot be trusted. The macros will be disabled."
Opening the self-signed certificate and importing it did not change the situation (although I just used the default options in the importation process as I am not sure of the best way of doing
this in the new versions).
Curiously, as a test, I removed the security certificate, and Excel then opened it as expected (i.e. the warning about macros appeared, including an option to allow them to run).
There was no problem using Office 2007 on a Windows XP machine, or using Office XP on a Windows 7 machine; the problem only seems to exist when using both Office 2007 and Windows 7.
I am not familiar with either Windows 7 or Office 2007. What am I missing?
error-office-2007-with-Windows-7.jpg
error-office-2007-with-Windows-X.jpg
geowrian
You may need to import the certificate into the "Trusted Root Certification Authorities" store, instead of using automatic.
Is the file saved in a trusted location? This should enable the macros to run:
: Enable a trusted location ... AND inhibit macros otherwise so do both!
: Disable Macros
Office Button, (top left of the screen)
Options
Trust Centre
Trust Centre Settings
MAcro Settings
Disable All MAcros with warnings
: Enable Trusted Locations
Office Button, (top left of the screen)
Options
Trust Centre
Trust Centre Settings
Trusted Locations
Add a preferred location
ENSURE YOUR FILE IS IN A TRUSTED LOCATION
Re-open to ensure it is recognised if the above has been changed
Chris
: Enable a trusted location ... AND inhibit macros otherwise so do both!
: Disable Macros
Office Button, (top left of the screen)
Options
Trust Centre
Trust Centre Settings
MAcro Settings
Disable All MAcros with warnings
: Enable Trusted Locations
Office Button, (top left of the screen)
Options
Trust Centre
Trust Centre Settings
Trusted Locations
Add a preferred location
ENSURE YOUR FILE IS IN A TRUSTED LOCATION
Re-open to ensure it is recognised if the above has been changed
Chris
ASKER
Thanks, geowrian and chris.
chris_bottomley, I tried to add the relevant directory to the Trusted Locations, but received an error message advising that the network location could not be added to Trusted Locations.
geowrian, when I tried to import the certificate into the "Trusted Root Certification Authorities" store, a pop-up message advised that the import worked. However, this does not seem have worked properly. The same "digital signature is invalid and cannot be trusted" message appears. When I view the certificate it still says "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store".
Sorry if this seems confused; Windows 7/Office 2007 seem to do this quite differently from the Windows XP/Office 2003 which I have previously used.
chris_bottomley, I tried to add the relevant directory to the Trusted Locations, but received an error message advising that the network location could not be added to Trusted Locations.
geowrian, when I tried to import the certificate into the "Trusted Root Certification Authorities" store, a pop-up message advised that the import worked. However, this does not seem have worked properly. The same "digital signature is invalid and cannot be trusted" message appears. When I view the certificate it still says "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store".
Sorry if this seems confused; Windows 7/Office 2007 seem to do this quite differently from the Windows XP/Office 2003 which I have previously used.
Does the certificate have any intermediary CA's? Can you post a screenshot of the "certification path" for the certificate (double-click the cert and choose the tab)? It's possible that the cert in question is valid, but the issuing CAs are not, which would make the certificate in total invalid.
HMmm I didn't realise it would be a network folder ... because such can be out of your control they are less reliable as trusted locations and downright risky if they are public.
That said however generally there is no reason a network folder cannot be trusted so I don't understand the error, sorry!
Chris
That said however generally there is no reason a network folder cannot be trusted so I don't understand the error, sorry!
Chris
ASKER
geowrian,
I have attached a screen shot as requested, but with our company name obscured. Does that help?
certification-path--our-company-.jpg
I have attached a screen shot as requested, but with our company name obscured. Does that help?
certification-path--our-company-.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, geowrian
That link was very useful, particularly its comment "In some cases you have to check show physical stores, then select 'Local Computer' under Trusted Root Certification Authorities."
I did that, and it worked!
That link was very useful, particularly its comment "In some cases you have to check show physical stores, then select 'Local Computer' under Trusted Root Certification Authorities."
I did that, and it worked!