Digitally signing a macro
You can use the program Selfcert.exe to sign macros or templates you create for your own personal use. Certificates created for use on your own computer are accepted only for the computer the certificate was created on.
Selfcert.exe calls Makecert.exe; both programs are available with Office in the Office 2003 folder and are not available with the Microsoft Office 2003 Editions Resource Kit. However, signing a macro, template, or file with Selfcert.exe does not provide a high enough level of authentication to provide reliable tracking of the source of the file back to its developer. Therefore, if a file you sign with a signature created from Selfcert is distributed to other users, they will not be able to accept your certificate if they are running High security, because the certificate does not have a high enough security level to authenticate who you are. Only a certificate issued by a certificate authority can be used to provide a distributable certificate and signature to others and still pass through Medium and High security levels in Office.
There are limitations to the deployment of Selfcert.exe certificates applied to a macro when macro security is set to High:
- Setting security to Low and then running the macro does not register the certificate in the trusted sources list. Security must be set to Medium or High before any certificates are posted to the trusted Trust Publishers list. In cases where security is set to High on all computers, a Selfcert.exe-signed macro can be deployed, but it does not have a secure enough certificate for use by other users who are running with the High security level. Only a certificate issued by a certificate authority can be used to provide a distributable certificate and signature to others and still pass through Medium and High security levels in Office
- Selfcert.exe-issued certificates are not managed by a certificate authority and do not provide for certificate revocation checking.
- Selfcert.exe does not provide a certificate of trust with a traceable signature.