Solved

How can I Sign an Office Macro

Posted on 2007-12-03
9
375 Views
Last Modified: 2010-07-27
I have created some Word and Excel macros that will be used only by the employees at the company where I work. We have all users configured with the "High Security" setting, for security purposes of course. Now the only way that my macros will run on the users computers "no questions asked", the macros have to be signed by an acknowledged trusted source. We already have in place a "trusted certificate authority" that we currently use to validate an SSL certificate for our OWA service.

Now my question: How can I sign my macros with the Certificate (CA) that we already installed on all PCs, so that all of my users will simply run my macros "no questions asked" by Word or Excel while still having the "High Security" setting on?

0
Comment
Question by:camilorgp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 45

Accepted Solution

by:
patrickab earned 250 total points
ID: 20400084
Digital Certificates  info provided by zorvek see:

http://www.experts-exchange.com/Applications/MS_Office/Excel/Q_21831911.html

An unofficial digital certificate can be added to an Excel workbook so that, after a one time interaction with the user where the user either allows or disallows that digitial certificate, the user can then repeatedly open the workbook and run macros without any warnings at all, even if their security setting is high. An extended description of how to create and use digital certificates can be found at http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=194. A brief tutorial is included below.

To create a free unsecure code-signing digital certificate locate and run SelfCert.exe. It is an optional utility installed as part of the Office installation found in the Office installation directory. If not found, open the Add/Remove Programs control panel, run the Office Installer, and install Digital Signature for VBA projects under Office Tools. When run SelfCert asks for a name - enter any meaningful name or description. The text entered is displayed to the user whenever they are asked to accept or decline the digital certificate. For more information see http://support.microsoft.com/default.aspx?scid=kb;en-us;Q217221.

Once the digitial certificate has been created on the development system, open the workbook and press ALT+F11 to open the VBE. Select the menu command Tools->Digital Signature. Click Choose and select the desired digital certificate (they are listed by name.) Click OK. Click OK again. The workbook now contains a digitial signature. Since the development system already has the digital signature installed, the workbook will now open on that system without any macro warning prompt.

To allow the workbook to run without the macro security warning on another system the digital certificate has to be installed on those systems as well. Copy the workbook to a target system and open it. Excel will present the Security Warning dialog. Click Details to show the Digital Signature Details dialog. Click View Certificate to show the Certificate dialog. Click Install Certificate. Click Next twice and then Finish. Click Yes when the prompt is displayed asking if the certificate should be installed. Click OK on the completion dialog. Click OK twice more to close the widows. Click Enable Macros on the Security Warning to open the workbook. In the future any workbook with that digital certificate installed will open without a macro security warning.

Since it is relatively easy for someone to forge an unsecure digital certificate and place it in a malicious workbook, this method of avoiding macro security warnings may not be an acceptable solution. In the event that a decision is made to abandon this technique the installed digital certificates can be easily removed by opening the Internet Options dialog from either Internet Explorer or from the control panels and navigating to the Content tab. Click on Certificates. Find the certifcates to be deleted (they should be in either the Trusted Root Certification Authorities or Other People section,) selecting them, and click the Remove command button. Click Done when finished.

If true security is required then a secure digital certificate can be purchased from any of the many Certificate Authorities. See Microsoft's list of Certificate Authorities at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/rootcertprog.asp.

For more information on macro security settings in Office, see http://office.microsoft.com/en-us/assistance/HA011362661033.aspx.

Full acknowledgements to zorvek for all of the above.
0
 

Author Comment

by:camilorgp
ID: 20404068
Hello Patrickab,

Thanks for your answer, very detailed explanation. I'm trying to install SelfCert. I have Office Professional Edition 2003 with SP2. I couldn't find the SelfCert application, so I'm trying to install it. According to your comment "If not found, open the Add/Remove Programs control panel, run the Office Installer, and install Digital Signature for VBA projects under Office Tools", but it turns out that under "Microsoft Office - Office Tools" during the installation (Add/remove) process there are no options called "Digital Signature for VBA". Any ideas why I don't have that option? Is there any other way to install the SelfCert application?
0
 

Author Comment

by:camilorgp
ID: 20404135
I'm sorry, I finally found the SelfCert.exe application under the directory "Office12", I think I need some sleep. I will continue following your instructions and I will let you know if I have more questions.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:camilorgp
ID: 20404348
Hello again Patrickab,

I followed the instructions and it works. Only that with this procedure I cannot re-use the CA that I already have. We created an internal Certificate Authority that is already installed on all user's pcs.

The SelfCert application creates not only the Certificate but also the CA, at the same time, so it doesn't give me the chance to use my current CA.

My question now becomes, how can I create a certificate and sign my macros with this CA that I already have. Is there a way to install this CA in Office so that it will appear in the list of available certificates when I use the "Dgital Signature" procedure in VBA?
0
 
LVL 45

Expert Comment

by:patrickab
ID: 20406061
camilorgp,

I really don't have the appropriate experience in this area of Excel so I can't help. It was 'zorvek's' post I quoted in full - perhaps he knows the answer to your question.

If you want to grab zorvek's attention you might like to ask a 20-point question, pointing to this question. Quote the URL to this question and tell readers that you will delete the 20-point question when you've got some extra help here. So you need to say "Please don't make a comment in the 20-pointer" - you do need to say that otherwise you can't delete it yourself.

Patrick
0
 

Author Comment

by:camilorgp
ID: 20406258
Now I have a better understanding of what I really want to ask. What I'm going to do is open a new question. Patrickab thank you for your time.

Moderator, you can delete/cancel this question anytime.
0
 
LVL 45

Expert Comment

by:patrickab
ID: 20406928
camilorgp,

In what way does what you have been told so far not help you?

If it has not helped you at all then it is fair enough to ask for this question to be closed - although not the way you have done so. However it appears to have helped you up to a point and you now need some more help from someone else. So I suggested you ask a pointer question - that's the way to do it.

You cannot claim that you have not been helped when you wrote "I followed the instructions and it works."

Patrick
0
 

Author Comment

by:camilorgp
ID: 20407066
I have thought about what you said, and I think you are right, I make a question, and you gave me answer, it was my fault that it wasn't the question that I needed to ask and it clarified some ideas anyway. So, I'm giving you the points. But I cannot link, first because I already open the new question, and second because I don't want to start the new question clarifying that this question is related but not what I really want, it will save time I think.
0
 
LVL 45

Expert Comment

by:patrickab
ID: 20408009
camilorgp,

Thank you for the grade. I'm sure you're right about the linkage - keep it separate and so clearer.

Patrick
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you use a spreadsheet like Microsoft's Excel?  Have you ever wanted to link out to a non excel file on your computer or network drive?  This is the way I found to do it!
How to get Spreadsheet Compare 2016 working with the 64 bit version of Office 2016
This Micro Tutorial will demonstrate in Google Sheets how to use the HYPERLINK function to create live links inside your spreadsheet.
This Micro Tutorial will demonstrate how to use a scrolling table in Microsoft Excel using the INDEX function.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question