How can I use Microsoft Certificate Authority Services to create a Microsoft Office/VBA Code Signing Digital Certificate

Couple links:
http://msdn2.microsoft.com/en-us/library/aa163622(office.10).aspx
http://msdn2.microsoft.com/en-us/library/aa194036(office.11).aspx

Claudio Rodrigues

Microsoft MVP
Windows Server - Terminal Services

tsmvp,
These links talk about SelfCert, not what I need. As I pointed out in my question I need guidance in order to create the code signing certificate using Microsoft Certificate Authority Services.
But thanks anyway.

Anybody know anything about Microsoft CA?

http://excelsig.org/Tips/0409_digital_certificates.htm

http://support.microsoft.com/kb/217221

http://msdn2.microsoft.com/en-us/library/aa141471(office.10).aspx

Oops...forgot to say that a MS CA won't be much good since nobody outside of your company will trust the certificate chain...that's why MS recommends using a self-signed cert.

Hey Cleaner, Thanks for your posting.
I believe I need to explain my situation a little bit more, maybe I'm wrong so in that way you will help me figure that out.

The certificate will be trusted because we have created certificates for other purposes and the users are only inside of the company, this isn't for anybody that is not an employee. We have used MS CA to create SSL certificates for websites used only by our employees, like our OWA service.

This time around our dev department created some macros, again for internal consumption (employees only) but since we have set the macro security setting in all our PCs to High whenever they open the macros a warning pops up. So, we think that we can generate a certificate to sign this macros with MS CA, and since all of our employees already trust our internal CA, well it will work.

The question is, can we create such a certificate to sign these macros using Microsoft Certificate Authority Services?
And if it is possible, how?

Cleaner, please tell me I'm I right that this can be done, or I'm just wrong about my assumption?

I'm currently on the step: "On the Advanced Certificate Request page, enter the requested information, making sure to specify the Key Usage value as Signature or Both"

On that page I have lots of options, so I will tell you what I think I should choose and then you tell me if I'm right or not.

Certificate Template:
Code Signing

Key Options:
Create new key set
CSP: Microsoft Enhanced Cryptographic Provider v1.0
Key Usage: Signature
Key Size: 1024
Automatic Key Container Name

Additional Optinos:
Request Format: CMC
Hash Algorithm: SHA-1

That will work just fine.

Ok, I just created the code signing certificate, I can see it from the Certification Authority Snap-in.
Now how do I use it to sign the macros?

The code snippet should get you there...

From Excel, click Macro on the Tools menu, and then click Visual Basic Editor.
 
From Excel's Visual Basic Editor, click Digital Signature on the Tools menu.
 
In the Digital Signature dialog box (Figure 2), click the Choose button. 
 
 
Figure 2. The Digital Signature dialog box in Excel
 
 
 
 
 
Select the certificate you just created, as shown in Figure 3. 
 
 
Figure 3. The Select Certificate dialog box
 
 
 
 
 
Press OK twice.
 
From Excel's Visual Basic Editor, on the File menu select Save MSFT.xls.
 
Exit the Visual Basic Editor and Excel.

Select allOpen in new window

Thank you Cleaner, it works like a charm.
Of course the 500 points are yours.

I know this last question wasn't part of the original question but maybe you know the answer, if you don't just post a simple "I don't know" and the points are yours anyway.

How can I extend the expiration date of a certificate?
Is there a place in the Certificate Authority admin snap in where I can set the default amount of time that a new certificate should be valid for? (for instance 5 years).

Oh sure...easy one there...

http://support.microsoft.com/kb/254632