Digitally sign a macro project

This article explains how you can digitally sign a file or a macro project by using a certificate . If you don't already have a digital certificate, you must obtain one. To test macro projects on your own computer, you can create your own self-signing certificate by using the Selfcert.exe tool.In this article

Obtain a digital certificate for signing

Create your own digital certificate for self-signing

Digitally sign a macro project

Obtain a digital certificate for signing

You can obtain a digital certificate from a commercial certificate authority (CA) or from your internal security administrator or Information Technology (IT) professional.

To learn more about certificate authorities that offer services for Microsoft products, see the list of Microsoft Root Certificate Program Members.

Create your own digital certificate for self-signing

Because a digital certificate that you create isn't issued by a formal certificate authority, macro projects that are signed by using such a certificate are referred to as self-signed projects. Microsoft Office trusts a self-signed certificate only on a computer that has that certificate in your Personal Certificates store.

Create a self-signing certificate

1. Do one of the following:
   • In Microsoft Windows Vista, click the Start button, point to All Programs, click Microsoft Office, click Microsoft Office Tools, and then click Digital Certificate for VBA Projects. In the Your certificate's name box, type a descriptive name for the certificate.
   • In Microsoft Windows XP, click the Start button, point to All Programs, point to Microsoft Office, point to Microsoft Office Tools, and then click Digital Certificate for VBA Projects. In the Your certificate's name box, type a descriptive name for the certificate.
2. When the certificate confirmation message appears, click OK.

To view the certificate in the Personal Certificates store, do the following:

1. Open Windows Internet Explorer.
2. On the Tools menu, click Internet Options, and then click the Content tab.
3. Click Certificates, and then click the Personal tab.

Digitally sign a macro project

1. Open the file that contains the macro project that you want to sign.
2. Do the following in these Microsoft Office system programs:

   Word, Excel, or PowerPoint

   • On the Developer tab, in the Code group, click Visual Basic.

     If the Developer tab is not available, click the Microsoft Office Button , and then click Program Name Options, where Program Name is the name of the program you are in, for example, Word Options. Click Popular, and then select the Show Developer tab in the Ribbon check box.

   Visio, Outlook, or Publisher

   • On the Tools menu, point to Macro, and then click Visual Basic Editor.
3. In the Visual Basic Project Explorer, select the project that you want to sign.
4. On the Tools menu, click Digital Signature.
5. Do one of the following:
   • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
   • To use the current certificate, click OK.

Notes:

• Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
• If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates and add-ins so that they can control exactly what users can run on their computers.
• If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
• When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.